Nation-State Actor Embraces AI Malware Assembly Line

Pakistan's APT36 threat group has begun using vibe-coding to churn out malware at scale, blending AI tools with multiple programming languages. Bitdefender dubbed the tactic “Distributed Denial of Detection” after spotting vibe-coded malware in attacks targeting Indian government entities, Indian embassies across several countries, and other targets in South Asia.
The vibeware samples were notably low quality: one browser-credentials tool contained a placeholder for a C2 address, and a backdoor's status-reporting function reset its timestamp, making detection harder. APT36, aka Transparent Tribe, is developing malware in obscure languages like Nim, Zig and Crystal and deploying multiple implants in parallel to keep access if one channel is neutralised, with Bitdefender estimating daily variant production.
The group is also using AI-assisted methods to exploit legitimate cloud platforms for C2, issuing commands and receiving stolen data via Slack, Discord, Google Sheets and Supabase.

March 5, 2026.