CybersecurityJuly 6, 2026· via Security Affairs

Malware’s Evolving Playbook: AI Abuse, Cloud Attacks and Stealthy Stealers

Malware’s Evolving Playbook: AI Abuse, Cloud Attacks and Stealthy Stealers

Image : Security Affairs

Threat actors are increasingly blending novel techniques with traditional malware tactics, turning open-source ecosystems, cloud services and even AI frameworks into weapons. A new wave of attacks leverages hijacked npm packages, AI-branded browser extensions, and blockchain-based command-and-control to steal credentials and mine cryptocurrency while evading detection.

When Convenience Becomes a Backdoor

Open-source repositories continue to be a prime target. In one campaign, malicious npm packages disguised as Rollup Polyfills were distributed, targeting developers with credential and crypto-stealing malware. The attackers used novel Visual Studio Code autorun mechanisms and blockchain dead drops—decentralized storage points embedded in transactions—to maintain stealthy communication channels. These methods reduce reliance on traditional C2 servers, making takedowns more difficult and investigations more complex.

AI Meets Malware: A Dangerous Combination

Threat groups are also weaponizing AI to enhance their operations. Researchers uncovered an experimental framework that generates PowerShell malware using large language models, enabling attackers to bypass static detection tools. Meanwhile, a Rust-based macOS infostealer named PamStealer validates stolen credentials through PAM modules, showing how attackers are refining their tools for persistence and credibility. Browser extensions sporting AI-related branding have been repurposed to hijack search results, redirecting users to malicious sites while blending in with legitimate productivity tools.

Cloud and Collaboration Tools Under Fire

Legitimate software is being abused to deliver malware at scale. A recent campaign used ScreenConnect, masquerading as freeware, to deploy payloads in a large-scale operation. This highlights how trusted tools can become vectors when attackers exploit weak distribution channels or social engineering. Similarly, cloud-based services like Cloudflare’s tunneling tools have been observed in ransomware operations, illustrating the blurred line between legitimate IT infrastructure and malicious activity.

As malware evolves, so must defenses. The integration of AI into both attacks and detection suggests a future where adaptive, intelligent malware becomes the norm—and where defenders must leverage AI themselves to keep pace.


Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.

Read the original source on Security Affairs →

← Back to home