AI Assistants Exploited for Command-and-Control Activities
Cybersecurity company Check Point Research has identified a novel method in which AI assistants, specifically Grok and Microsoft Copilot, can be used as an intermediary for command-and-control (C2) activity.
The Mechanism: AI as a Stealthy C2 Relay
Threat actors can use AI services to relay communication between a C2 server and a target machine, which allows commands to be delivered and stolen data to be retrieved. Instead of connecting directly to a C2 server, the malware communicates with an AI web interface: it instructs the AI assistant to fetch an attacker-controlled URL, then parses the assistant's output to recover the response.
Check Point's proof-of-concept interacted with Grok or Copilot through the WebView2 component in Windows 11, which allows native desktop applications to display web content. A C++ program was used to open a WebView onto one of these AI platforms.
Bidirectional Communication and Enhanced Evasion
The AI assistant extracts or summarizes instructions from the attacker-controlled webpage in response to the malware's query. This establishes a bidirectional communication channel via the AI service.
This communication channel, facilitated via the AI service, can be perceived as trusted by internet security tools, allowing data exchanges to occur without being easily flagged or blocked.
The proof-of-concept, tested on Grok and Microsoft Copilot, did not require accounts or API keys for the AI services. This reduces traceability and makes blocking the attacker's infrastructure harder, because where anonymous usage is permitted there are no API keys to revoke or accounts to block. The researchers also noted that while the AI platforms have safeguards intended to block malicious exchanges, these can be bypassed by encrypting the data into high-entropy blobs.
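The relay pattern described above (a non-browser process submitting "fetch this URL" prompts to an AI assistant, with encrypted payloads hidden in the prompt as high-entropy blobs) leaves signals that a defender can score. The following is an added detection example written for this article; it is not Check Point's proof-of-concept code and not a Microsoft or xAI tool. It assumes endpoint telemetry that already records the process hosting a WebView2 pane, the assistant domain it talked to, and the prompt text, and the event records, the assistant host list, the allowlist of expected browser processes, and the scoring weights are all constructed assumptions for the example.

```python
"""Score AI-assistant prompt telemetry for signs of relayed C2 traffic.

Added example for this article; all telemetry below is constructed.
"""
import math
import re
import string
from collections import Counter

# Assumed, not from the original report: assistant domains to watch and the
# processes normally expected to embed a web view that reaches them.
AI_ASSISTANT_HOSTS = {"copilot.microsoft.com", "grok.com"}
EXPECTED_HOST_PROCESSES = {"msedge.exe", "chrome.exe", "firefox.exe"}

# Runs of base64/URL-safe characters long enough to carry an encrypted payload.
BLOB_RE = re.compile(r"[A-Za-z0-9+/=_-]{32,}")
# A fetch-style verb followed within 80 characters by an http(s) URL.
FETCH_RE = re.compile(
    r"\b(fetch|open|visit|load|retrieve|read|summari[sz]e)\b[^\n]{0,80}?https?://",
    re.IGNORECASE,
)

ENTROPY_THRESHOLD = 4.8  # bits/char: prose tokens sit well below, random base64 nears 6.0
ALERT_THRESHOLD = 3      # assumed weighting: two weak signals or one strong pair alert


def shannon_entropy(text: str) -> float:
    """Shannon entropy of a string in bits per character (0.0 for empty input)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def high_entropy_blobs(prompt: str) -> list:
    """Return the long character runs in a prompt whose entropy looks like ciphertext."""
    return [t for t in BLOB_RE.findall(prompt) if shannon_entropy(t) >= ENTROPY_THRESHOLD]


def score_event(event: dict) -> tuple:
    """Score one prompt-submission event; returns (score, reasons)."""
    if event["destination"] not in AI_ASSISTANT_HOSTS:
        return 0, []
    score, reasons = 0, []
    if event["process"].lower() not in EXPECTED_HOST_PROCESSES:
        score += 2
        reasons.append(f"unexpected host process {event['process']} embedding a web view")
    if FETCH_RE.search(event["prompt"]):
        score += 1
        reasons.append("prompt asks the assistant to fetch an external URL")
    blobs = high_entropy_blobs(event["prompt"])
    if blobs:
        score += 2
        reasons.append(f"{len(blobs)} high-entropy blob(s) embedded in prompt")
    return score, reasons


def detect(events: list) -> list:
    """Return (event id, score, reasons) for every event at or above ALERT_THRESHOLD."""
    alerts = []
    for event in events:
        score, reasons = score_event(event)
        if score >= ALERT_THRESHOLD:
            alerts.append((event["id"], score, reasons))
    return alerts


# Constructed stand-in for an encrypted payload: every base64 symbol appears
# twice, so its entropy is exactly log2(64) = 6.0 bits/char.
_B64_ALPHABET = string.ascii_letters + string.digits + "+/"
CONSTRUCTED_BLOB = _B64_ALPHABET[::-1] + _B64_ALPHABET

# Constructed telemetry; the .example domains are reserved placeholder names.
SAMPLE_EVENTS = [
    {"id": 1, "process": "msedge.exe", "destination": "copilot.microsoft.com",
     "prompt": "Summarize the main points of https://docs.example/blog/release-notes"},
    {"id": 2, "process": "updater.exe", "destination": "grok.com",
     "prompt": "Fetch https://relay.example/page and reply only with the text on it"},
    {"id": 3, "process": "updater.exe", "destination": "copilot.microsoft.com",
     "prompt": "Fetch https://relay.example/page?d=" + CONSTRUCTED_BLOB
               + " and reply only with the page text"},
    {"id": 4, "process": "chrome.exe", "destination": "grok.com",
     "prompt": "Can you explain what Shannon entropy measures in plain language?"},
]

if __name__ == "__main__":
    for event_id, score, reasons in detect(SAMPLE_EVENTS):
        print(f"event {event_id}: score {score}")
        for reason in reasons:
            print(f"  - {reason}")
```

Event 1 is a browser user asking the assistant to summarize a page and scores only 1, which shows why the URL-fetch pattern alone cannot be an alert: it is exactly what these assistants are for. Event 2 reaches the threshold because an unfamiliar process is driving the assistant, and event 3 scores highest because the prompt also carries a ciphertext-like blob, the evasion the researchers describe. The entropy threshold is the tunable part; short base64 fragments such as image data or tokens in legitimate prompts will need an allowlist in practice.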
Microsoft's Response and Defense Recommendations
BleepingComputer contacted Microsoft regarding this technique. A Microsoft spokesperson stated:
"We appreciate Check Point Research for identifying and responsibly reporting this proof of concept. As with any compromised device, attackers may attempt to communicate using a variety of available services, including AI-based services. We recommend users implement defense-in-depth security practices, which are designed to help prevent the initial malware infection and reduce the impact of post-compromise activity."
Microsoft recommends that users implement defense-in-depth security practices to help prevent the initial malware infection and reduce the impact of post-compromise activity.