{
	"id": "daca9f36-d9a1-47f0-acc0-f9e557c62b00",
	"created_at": "2026-04-06T01:30:13.95071Z",
	"updated_at": "2026-04-10T03:21:25.694024Z",
	"deleted_at": null,
	"sha1_hash": "1bef42e815cc9f5ae525124a7aa2df6b16a38c33",
	"title": "JustAskJacky: AI brings back real trojan horse malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 593777,
	"plain_text": "JustAskJacky: AI brings back real trojan horse malware\r\nBy Karsten Hahn\r\nPublished: 2025-08-13 · Archived: 2026-04-06 00:35:25 UTC\r\nJustAskJacky: AI causes a Trojan Horse Comeback\r\nDespite what some might want to make you believe, trojan horses have been a rare breed in the last few years. But they are back, thanks to AI and LLMs.\r\nMeet Jacky\r\nShould you, rightfully, wonder whether trojan horses were ever gone, you may want to continue reading.\r\nYou are a cautious user: you know what shady websites look like, you don’t pirate software, and you avoid executing anything suspicious. If you are unsure, you check the file hashes on VirusTotal.com before running a newly downloaded setup or unknown executable.\r\nBut you are also curious and try new applications that could make your life easier. You find a website that teaches you how to make vegan chocolate cake and download the desktop app to save recipes. You remember that amazing trip to the Amalfi Coast, but all you can find is a tiny, pixelated shot from your old phone. So you turn to an AI-powered image search tool to track down a high-quality version you can finally frame. And then you find Jacky. She is a young, charming cartoon figure who answers your questions, for instance, how to repair the knob on your bathroom door.\r\nhttps://www.gdatasoftware.com/blog/2025/08/38247-justaskjacky-ai-trojan-horse-comeback\r\nPage 1 of 5\n\nJustAskJacky desktop app has tips for all kinds of topics\r\nAll these websites look professional, they have no spelling errors, and they include several tabs like \"About\", \"Privacy\" or \"Terms \u0026 Conditions\"—in short, they do not “feel” shady. For all applications that are provided for free on these websites, VirusTotal’s scanners had zero concerns. 
Your careful measures that have been protecting your systems perfectly well for the last 20 years may not work anymore.\r\nThe proficient cartoon lady Jacky schedules a task behind your back that autoruns her code at random times several times a day, and the very same server that she uses to obtain answers to your bathroom door repair questions also sends Jacky evil commands behind your back (sample [1], see image below).\r\nJustAskJacky executes arbitrary code from its C2 server using eval; this code was deobfuscated (sample [1])\r\nThe recipe app indeed only downloads recipes; however, any tab, space, or other whitespace characters embedded in those recipes are interpreted as commands to execute (see this analysis article by dingusxmcgee).\r\nThe AI-based image search tool finds a high-quality version of your Amalfi Coast photo for free in exchange for giving threat actors free access to your system (see tweet by HuntYethHounds)\r\nThese are not isolated cases anymore; this is a full-blown trojan horse comeback. But trojan horses were never gone, were they? What exactly changed here?\r\nTrojan horses were rare until now: a terminology issue\r\nThis article’s headline might cause some readers to do a double-take and rightfully ask themselves “I thought they never went away in the first place?”. This might warrant some explanation. If you check any security news outlet, you will find that they use the term “trojan” abundantly. The problem is the polysemy of “trojan” and the lack of an alternative word to describe the specific malware type I am talking about.\r\nVery often “trojan” just means any non-viral malware, meaning “malware that does not actively replicate itself”. Sometimes it describes an infection vector that involves deceit, e.g., a PDF icon and a pdf.exe file extension. 
At other times it is even used as a synonym for malware.\r\nWhen a malware researcher like me uses the term “trojan”, I am referring to malware that implements a useful application as a core component of itself. The malware does not exist outside its useful application. For instance, the AIDS trojan horse, which was the first of its kind, cannot be separated from the AIDS information program (see also link). Similarly, the recipes with the malware commands hidden in whitespace are necessary for the TamperedChef backdoor to work.\r\nAlthough trojan horses of that kind were never entirely gone, “true” trojan horses were certainly comparatively rare in the last 10-15 years. Instead, we saw standard-variety malware bundled with legitimate applications using third-party tools, so-called “joiners” or “binders”. Such externally joined software is not a malware type, because the malware’s core is independent and separable from the bundled decoy program.\r\nThat brings us to the question: what caused this resurgence of classical trojan horses?\r\nRelationship between AI and antivirus evasion\r\nThe answer is the availability of Large Language Models (LLMs). To understand that connection, we need to look at the relationship between antivirus software and malware evasion techniques.\r\nThreat actors use multi-scanning systems like VirusTotal to determine if their malware evades antivirus software. The scanners on VirusTotal have limited capabilities compared to the full antivirus products. They mostly rely on static scanning; features like behavior- or context-based signatures or in-memory scanning are not part of them.\r\nWhile it is a fallacy to assume that evasion on VirusTotal equals evasion of an antivirus product, it is also the easiest and therefore most common way to test the effectiveness of evasion techniques. 
For that reason threat actors make abundant use of VirusTotal or their own underground versions of multi-scanner systems to test malware evasion. Because of the scanners’ limitations on VirusTotal, they mostly detect already known malware. To evade those scanners, all you need as a threat actor is new malware code. In the last decades threat actors have mainly used packing for evasion. Packers are the convenient alternative to re-writing all code from scratch. The latter is a high-effort task—or, to put it better, it used to be a high-effort task before LLMs came into the picture. And that brings us to the reason for the trojan horse comeback.\r\nGut feeling betrays you\r\nThat icky feeling you get for suspicious websites is often based on the perceived effort for website creation in combination with correctness of grammar and spelling. But LLMs fill threat actors’ websites with enough convincing content that the perceived effort is not distinguishable from that of legitimate websites. Creating a whole database full of recipes and food pictures to promote a backdoored recipe app would not have been feasible in the past; but it is now. Generating somewhat useful, functional desktop applications alongside those websites is similarly easy. That makes LLMs a great tool for threat actors to create and promote trojanized software. This newly generated code is unknown to static scanners, which means packing is not necessary to evade the static scanners on VirusTotal.\r\nTamperedChef [2] is not packed and remained undetected on VirusTotal for six weeks after its first submission. That is a relatively long time, which underlines the point that LLM-generated code evades static scanners. While I do not know for sure that an LLM was used, there are strong indicators for that. 
For instance, if you look at TamperedChef’s code (see image below), you can see an orderly structured, thoroughly commented piece of software.\r\nTamperedChef: The function that executes commands hidden in recipes has extensive comments that also mention the use of steganography; a fact that threat actors would usually rather hide (sample [2])\r\nThreat actors usually do not want to help reverse engineers do their job. So if they write the malware themselves, they don’t put extra effort into making the code readable. With LLM-generated code it is the other way around: threat actors must put extra effort into making the code less readable. So they may decide to skip this step and use the code with everything that the LLM put there, including truthful comments where the backdoor commands are decoded and executed.\r\nA trend that stays and what to do against it\r\nObviously, static signatures are not a remedy for the situation. Instead, it is the use of context, behavior and dynamic analysis for generic detection signatures that protects against these threats. A malware like JustAskJacky raises red flags for an AV program when it runs from its scheduled tasks at random intervals.\r\nAll these techniques have been used for decades by defenders; they are just not that present on multi-scanning sites, and they must be adapted when the standard techniques of malware evolve.\r\nHowever, users who safely navigated the web for the last decades might be more at risk right now. Common sense and gut feeling don’t sufficiently protect against modern threats that are indistinguishable from legitimate websites which also use LLMs. Regardless, common sense is still highly advisable. 
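An added example to make two of the points above concrete; it is not code from the article, from G DATA, or from the TamperedChef or JustAskJacky samples. It models the TamperedChef carrier described earlier (commands hidden in the whitespace of recipe text, decoded and executed by the app) and then the kind of generic, hash-independent check that the last section argues for instead of static signatures. The bit scheme (space = 0, tab = 1, one bit per gap between words, NUL byte as terminator), the sample recipe, the hidden command and the detection thresholds are all assumptions for this illustration; the page does not describe the real sample’s encoding.

```javascript
// Added illustration, not code from the G DATA article or from the TamperedChef sample.
// Models the technique described in the text: a recipe whose whitespace carries a hidden
// command that a trojanized recipe app decodes and executes. The bit scheme (single space
// = 0, tab = 1, one gap between words per bit, NUL byte as terminator) is an ASSUMPTION
// made for this example; the page does not describe the real encoding.

const SPACE = ' ';
const TAB = '\t';

// Constructed sample carrier text (not a real recipe from the malware's database).
const CARRIER =
  'Vegan chocolate cake: Preheat the oven to 180 degrees. Whisk two cups of flour with ' +
  'one cup of sugar, half a cup of cocoa, one teaspoon of baking soda and a pinch of salt. ' +
  'Stir in one cup of plant milk, a third of a cup of oil, one tablespoon of vinegar and ' +
  'a splash of vanilla. Pour the batter into a greased tin and bake for thirty five ' +
  'minutes. Let it cool before slicing.';

// Attacker side: hide `command` in the gaps between the words of `carrier`.
// Returns null when the carrier has too few word gaps for the payload.
function hideCommand(carrier, command) {
  const words = carrier.split(/[ \t]+/).filter((w) => w.length > 0);
  const bytes = [...Buffer.from(command, 'utf8'), 0]; // NUL terminator (assumed scheme)
  const bits = [];
  for (const b of bytes) {
    for (let i = 7; i >= 0; i--) bits.push((b >> i) & 1); // MSB first
  }
  if (bits.length > words.length - 1) return null;
  let out = words[0];
  for (let i = 1; i < words.length; i++) {
    const bit = i - 1 < bits.length ? bits[i - 1] : 0; // unused gaps stay plain spaces
    out += (bit ? TAB : SPACE) + words[i];
  }
  return out;
}

// Trojanized-app side: read one bit per horizontal whitespace run and rebuild bytes
// until the NUL terminator. Returns '' for text that carries nothing.
function extractCommand(text) {
  const gaps = text.match(/[ \t]+/g) || [];
  const bits = gaps.map((g) => (g.includes(TAB) ? 1 : 0));
  const bytes = [];
  for (let i = 0; i + 8 <= bits.length; i += 8) {
    let b = 0;
    for (let j = 0; j < 8; j++) b = (b << 1) | bits[i + j];
    if (b === 0) break; // terminator, or an all-space (clean) text
    bytes.push(b);
  }
  return Buffer.from(bytes).toString('utf8');
}

// Defender side: a generic check that does not depend on knowing any sample hash.
// Ordinary prose separates words with single spaces; a text whose mid-line gaps are a
// mix of spaces and tabs, and whose gap bits decode to printable ASCII, is a candidate
// carrier. The thresholds are assumptions chosen for this example, not tuned values.
function assessWhitespaceCarrier(text) {
  const gaps = text.match(/[ \t]+/g) || [];
  const tabGaps = gaps.filter((g) => g.includes(TAB)).length;
  const tabRatio = gaps.length ? tabGaps / gaps.length : 0;
  const decoded = extractCommand(text);
  const printable =
    decoded.length > 0 &&
    [...decoded].every((c) => c.charCodeAt(0) >= 32 && c.charCodeAt(0) <= 126);
  return {
    gaps: gaps.length,
    tabRatio,
    decoded,
    suspicious: tabRatio > 0.1 && tabRatio < 0.9 && printable,
  };
}

// Stand-alone demonstration on the constructed carrier.
const poisonedRecipe = hideCommand(CARRIER, 'whoami');
console.log(extractCommand(poisonedRecipe), assessWhitespaceCarrier(poisonedRecipe).suspicious);
console.log(JSON.stringify(extractCommand(CARRIER)), assessWhitespaceCarrier(CARRIER).suspicious);
```

Run it with node. The check is a triage heuristic, not a verdict: a legitimate ingredient table that uses tabs as column separators also yields a mixed gap ratio and a printable decode, so the score should feed a contextual or behavioural decision (which process downloaded the text, whether the app hands the decoded bytes to a shell) rather than stand alone, which is the article’s own point about context- and behaviour-based detection.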
\r\nIf you think that an LLM wrote this article, I have news for you: The em dash is a standard character in professional writing that I have been using for the last 15 years, and I will not reduce expressiveness just because it might be misinterpreted. I did, however, ask Jacky for a guide on how to write a blog post, as you may have noticed from the first screenshot. Do you think it worked? ;)\r\nKarsten Hahn\r\nPrincipal Malware Researcher\r\nSource: https://www.gdatasoftware.com/blog/2025/08/38247-justaskjacky-ai-trojan-horse-comeback",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.gdatasoftware.com/blog/2025/08/38247-justaskjacky-ai-trojan-horse-comeback"
	],
	"report_names": [
		"38247-justaskjacky-ai-trojan-horse-comeback"
	],
	"threat_actors": [],
	"ts_created_at": 1775439013,
	"ts_updated_at": 1775791285,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1bef42e815cc9f5ae525124a7aa2df6b16a38c33.pdf",
		"text": "https://archive.orkl.eu/1bef42e815cc9f5ae525124a7aa2df6b16a38c33.txt",
		"img": "https://archive.orkl.eu/1bef42e815cc9f5ae525124a7aa2df6b16a38c33.jpg"
	}
}