Recent cybersecurity research by FortiGuard Labs reveals a new threat involving AsyncRAT AI lures: malicious archives disguised as AI learning resources. Users seeking AI education fall victim to these attacks. The malware typically starts with a seemingly harmless 7z archive containing a shortcut and hidden PDFs, which execute a sequence of obfuscated commands leading to malicious PowerShell scripts.
These scripts use legitimate software such as AutoHotkey to mask their presence while establishing persistence on infected systems. They create scheduled tasks disguised as legitimate services to ensure continuous operation and evade detection by Microsoft Defender. The malware is modular and can perform functions such as remote access and data exfiltration. Indicators of compromise include suspicious shortcuts, unauthorized registry changes, and abnormal PowerShell activity. Defenders are urged to remain vigilant against these opportunistic attacks targeting individuals interested in AI.
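The stages described above (PowerShell, AutoHotkey, scheduled-task creation) are each common on their own, so a detection is more useful when it correlates them within one process lineage. The following is an added example, not code from the FortiGuard Labs report: the event field names, the user-writable path markers, the AutoHotkey file-name match and the sample events are all assumptions constructed for illustration.

```python
import ntpath

# Assumptions: event fields (pid, ppid, image, cmdline) and these path markers.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")

def stage(e):
    """Map one process-creation event to a stage of the described chain."""
    image, cmd = e["image"].lower(), e["cmdline"].lower()
    name = ntpath.basename(image)
    if name in ("powershell.exe", "pwsh.exe"):
        return "powershell"
    if name.startswith("autohotkey") and any(p in image for p in USER_WRITABLE):
        return "autohotkey_user_path"
    if name == "schtasks.exe" and "/create" in cmd:
        return "scheduled_task_create"
    return None

def chain_root(pid, by_pid):
    """Highest ancestor below the desktop shell; the seen set guards against pid loops."""
    root, seen = pid, set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        if ntpath.basename(by_pid[pid]["image"]).lower() != "explorer.exe":
            root = pid
        pid = by_pid[pid]["ppid"]
    return root

def correlate(events, min_stages=2):
    """Return {root pid: stages} for lineages matching at least min_stages stages."""
    by_pid = {e["pid"]: e for e in events}
    hits = {}
    for e in events:
        s = stage(e)
        if s:
            hits.setdefault(chain_root(e["pid"], by_pid), set()).add(s)
    return {r: sorted(s) for r, s in hits.items() if len(s) >= min_stages}

# Constructed sample events (not taken from the report); <...> marks placeholders.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c <obfuscated>"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell.exe <script>"},
    {"pid": 400, "ppid": 300, "image": r"C:\Users\u\AppData\Local\Temp\AutoHotkey.exe", "cmdline": "AutoHotkey.exe <script>.ahk"},
    {"pid": 500, "ppid": 300, "image": r"C:\Windows\System32\schtasks.exe", "cmdline": "schtasks.exe /create /tn <task> /tr <cmd>"},
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell.exe"},
]

if __name__ == "__main__":
    print(correlate(EVENTS))
```

The lone interactive PowerShell session (pid 600) is not reported, while the lineage rooted at pid 200 is flagged because it matches all three stages.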