{
	"id": "564cd8ae-fe7f-4d48-8b71-9f408d7ea2cf",
	"created_at": "2026-04-10T03:22:08.956555Z",
	"updated_at": "2026-04-10T03:22:16.583863Z",
	"deleted_at": null,
	"sha1_hash": "c515f819a0e84fdcce83c32d2cae4b1ad8134ba5",
	"title": "EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3558695,
	"plain_text": "EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks\r\nBy Jeffrey Francis Bonaobra, Joshua Aquino, Emmanuel Panopio, Emmanuel Roll, Joshua Lijandro Tsang, Armando\r\nNathaniel Pedragoza, Melvin Singwa, Mohammed Malubay, Marco Dela Vega\r\nPublished: 2025-09-11 · Archived: 2026-04-10 02:23:11 UTC\r\nKey takeaways\r\nEvilAI disguises itself as productivity or AI-enhanced tools, with professional-looking interfaces and valid\r\ndigital signatures that make it difficult for users and security tools to distinguish it from legitimate\r\nsoftware.\r\nBased on our telemetry, EvilAI infections have appeared globally, with the highest impact in Europe, the\r\nAmericas, and the AMEA region. The EvilAI malware campaign has predominantly impacted\r\norganizations in manufacturing, government/public services, and healthcare.\r\nIt exfiltrates sensitive browser data and maintains encrypted, real-time communication with its command-and-control servers using AES-encrypted channels to receive attacker commands and deploy additional\r\npayloads.\r\nTrend Vision One™ safeguards against EvilAI by detecting and blocking the IOCs outlined in this post.\r\nCustomers also have access to targeted threat hunting queries, intelligence reports, and actionable threat\r\ninsights, enabling a proactive approach to defense against EvilAI infections.\r\nIn recent weeks, Trend™ Research has observed a new wave of malware campaigns that infiltrate systems by\r\nposing as legitimate AI tools and software – complete with realistic interfaces, code signing, and convincing\r\nutility features – making them appear legitimate to end users. 
Rather than relying on obviously malicious files,\r\nthese trojans mimic the appearance of real software to go unnoticed into both corporate and personal\r\nenvironments, often gaining persistent access before raising any suspicion.\r\nThe sophistication and adaptability observed suggest the work of a highly capable threat actor. Increasingly,\r\nattackers are leveraging AI tools to generate malware code that looks clean and legitimate,\r\nallowing it to evade detection by traditional security solutions. This blurring of the line between authentic and deceptive\r\nsoftware highlights the mounting challenges faced by defenders. For clarity and consistency in our reporting,\r\nTrend Micro will be tracking this malware family as EvilAI.\r\nVictimology: Early signs of a global campaign\r\nAlthough data collection from our internal telemetry began on August 29, just one week of monitoring has\r\nrevealed the aggressive and rapid spread of the EvilAI malware. Trend’s threat intelligence data showed detections\r\nof EvilAI on a global scale. Europe has reported the highest number of cases with 56 incidents, followed by the\r\nAmericas (North, Central, and South) and AMEA (Asia, Middle East, and Africa), each with 29. This swift,\r\nwidespread distribution across multiple regions strongly indicates that EvilAI is not an isolated incident but rather\r\nan active and evolving campaign currently circulating in the wild.\r\nhttps://www.trendmicro.com/en_us/research/25/i/evilai.html\r\nPage 1 of 26\n\nRegion Count\r\nEurope 56\r\nAmericas 29\r\nAMEA 29\r\nTable 1. Top three regions with EvilAI malware detections\r\nAffected countries\r\nThe global reach of the EvilAI malware is evident, with the highest number of cases shown in Table 2. 
This\r\nwidespread distribution across diverse regions highlights EvilAI’s non-selective targeting, leveraging\r\nsophisticated social engineering and AI-generated, legitimate-looking code to seamlessly infiltrate systems,\r\nevading detection and gaining persistent access to maximize disruption worldwide.\r\nCountry Count\r\nIndia 74\r\nUnited States 68\r\nFrance 58\r\nItaly 31\r\nBrazil 26\r\nGermany 23\r\nUnited Kingdom 14\r\nNorway 10\r\nSpain 10\r\nCanada 8\r\nTable 2. Top 10 countries with EvilAI malware detections\r\nAffected industries\r\nIndustry analysis further reinforces this picture. Infections have struck critical sectors, including manufacturing at\r\n58 cases, government/public services with 51, and 48 in healthcare among the top impacted areas. Even smaller\r\nsectors have reported cases, as shown below in Table 3. Using sophisticated social engineering and AI-generated\r\nlegitimate-looking code, EvilAI's non-selective targeting allows seamless infiltration across critical and non-critical sectors, evading detection and gaining persistent access before raising suspicion.\r\nIndustry Count\r\nManufacturing 58\r\nGovernment 51\r\nHealthcare 48\r\nTechnology 43\r\nRetail 31\r\nEducation 27\r\nFinancial Services 22\r\nConstruction 20\r\nNon-profit 19\r\nUtilities 9\r\nTable 3. Top affected industries with EvilAI malware detections\r\nThe early victimology confirms that EvilAI is a broad and indiscriminate campaign, already achieving significant\r\nglobal impact within a short tracking window. If left unchecked, this trajectory suggests the potential for rapid\r\nescalation in scope and severity.\r\nTechnical details\r\nTrojans disguised as legitimate software\r\nA common and highly effective evasion tactic used by EvilAI is making malicious software appear legitimate at\r\nevery level. 
This starts with the use of plausible, purpose-driven file names – each chosen to match the advertised\r\nutility of the application. While these names may not mimic popular software brands, they are generic and\r\npurposeful enough to appear authentic when seen by users. These include:\r\nApp Suite\r\nEpi Browser\r\nJustAskJacky\r\nManual Finder\r\nOne Start\r\nPDF Editor\r\nRecipe Lister\r\nTampered Chef\r\nWidespread malware distribution\r\nThese malicious applications have been widely distributed online, often circulating for months before being\r\nidentified as threats, enabling broad penetration of both corporate and personal environments. Rather than\r\ncompromising trusted vendors, attackers spread these fake programs by:\r\nHosting them on newly registered websites that imitate vendor portals or tech solution pages\r\nUsing malicious advertisements, SEO manipulation, and promoted download links on forums and social\r\nmedia\r\nEncouraging users to download tools for productivity, document handling, or AI-enhanced capabilities\r\nBecause the installers often function like legitimate software and may offer basic features, users are less likely to\r\nsuspect foul play, allowing the malware to operate unnoticed.\r\nHigh-fidelity mimicry of software interfaces, file naming, and digital signatures\r\nThis masquerade is further reinforced by professionally crafted user interfaces and real, working features that\r\nmatch the expectations set by the application's name. For example, a user opening \"Recipe Lister\" is presented\r\nwith recipe-management functionalities, while \"Manual Finder\" supplies documentation search features. This\r\ndirect alignment between name and function helps dispel user suspicion and encourages engagement.\r\nTo enhance credibility, attackers often abuse digital signatures and trusted certificates (Figure 1). 
Some groups go\r\nso far as to obtain or misuse code-signing certificates, granting their malware an additional layer of trust by\r\nmaking it appear as “verified” software. In many cases, these certificates are eventually revoked\r\nonce the abuse is discovered.\r\nThe following digital signatures were observed in samples identified during our threat hunting:\r\nApp Interplace LLC\r\nByte Media Sdn Bhd\r\nEcho Infini Sdn. Bhd.\r\nGLINT SOFTWARE SDN. BHD.\r\nGlobal Tech Allies ltd\r\nPixel Catalyst Media LLC\r\nTheir registration dates, which fall between 2024 and 2025, indicate that these entities are relatively new. This\r\ntiming may correspond with a tactic commonly observed in malware-signing campaigns, in which disposable\r\ncompanies are established to obtain new digital certificates after old ones are revoked.\r\nMalware in functional software\r\nAdditionally, EvilAI’s operators often create entirely novel applications that do not correspond to any true,\r\nlegitimate product. Rather than copying established software brands, the threat actors invent new application\r\nnames and features, making detection even harder. In many cases, the malware is bundled with functional\r\napplications, allowing users to interact with software that works as expected while the hidden malicious payload\r\noperates in the background. This dual-purpose approach ensures the user’s expectations are met, further lowering\r\nthe chance of suspicion or investigation.\r\nUse of AI for defense evasion\r\nAI is increasingly being used to help malware slip past security tools. With AI for coding, website, and app\r\ngeneration becoming mainstream, attackers are now leveraging LLMs to create new malware code that is clean,\r\nnormal-looking, and does not trigger static scanners. 
In the case of JustAskJacky, the malware\r\nleveraged AI to produce code that appears legitimate at first glance, unlike older, noisy samples, making detection\r\nmuch harder. By combining believable functionality with stealthy payload delivery, AI is reviving classic threats\r\nlike Trojans and giving them new evasion capabilities against modern antivirus (AV) defenses.\r\nInfection flow\r\nTrend’s internal telemetry has uncovered an attack chain where seemingly legitimate applications – often\r\nadvertised and distributed through newly registered or imitation websites – are used as decoys to deliver malicious\r\npayloads (Figure 2). When users launch these applications, the expected user interface appears, masking the\r\nexecution of harmful activities in the background.\r\nNode.js-based malware delivery\r\nUnbeknownst to the user, the application triggers a command that silently launches Node.js (node.exe) via the\r\nWindows command line, executing a JavaScript payload stored in the user’s temporary directory (Figure 3). The\r\npayload is dropped during the installation of the application. The execution chain resembles the following\r\nexample:\r\ncmd.exe /c start \"\" /min \"C:\\Users\\\u003cuser\u003e\\AppData\\Roaming\\NodeJs\\node.exe\" \"C:\\Users\\\r\n\u003cuser\u003e\\AppData\\Local\\TEMP\\[GUID]of.js\"\r\nThe JavaScript files are typically named with a GUID suffix and end in two characters – commonly “or”, “ro”, or\r\n“of” – a pattern consistently observed both in our internal investigations and in samples identified from public\r\nrepositories.\r\nWhile the legitimate application window operates in the foreground, this covert process enables the malware to\r\nexecute unnoticed.\r\nPersistence mechanisms\r\nThe malware establishes persistence by creating a scheduled task named sys_component_health_{UID}, disguised\r\nto look like a legitimate Windows process. 
This task runs Node.js (node.exe) in minimized mode to execute a\r\nmalicious JavaScript file hidden in the user’s Temp folder. It triggers daily at 10:51 AM and repeats every four\r\nhours, ensuring the malware is relaunched multiple times a day even after system reboots (Figure 4). The\r\nfollowing command was directly observed during our investigation:\r\nC:\\windows\\system32\\cmd.exe /d /s /c \"schtasks /Create /TN \"sys_component_health_{UID}\" /TR\r\n\"\\\"C:\\Windows\\system32\\cmd.exe\\\" /c start \\\"\\\" /min \\\"%^LOCALAPPDATA^%\\Programs\\nodejs\\node.exe\\\"\r\n\\\"%^LOCALAPPDATA^%\\TEMP\\{UID}or.js\\\"\" /SC DAILY /ST 10:51 /RI 240 /DU 24:00 /F\"\r\nAn associated scheduled task file was also identified (Figure 5).\r\nC:\\Windows\\System32\\Tasks\\PDFEditorUScheduledTask\r\nIn addition to scheduled task creation, the malware creates a shortcut file for PDF Editor in the Start Menu\r\nPrograms folder (Figure 6).\r\nC:\\Users\\{User Name}\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\PDF Editor.lnk\r\nFurthermore, persistence is strengthened by adding an entry to the Windows Registry Run key, which ensures that\r\nPDFEditorUpdater executes at user logon (Figure 7).\r\nHKEY_USERS\\\u003cUser_SID\u003e\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\PDFEditorUpdater\r\nUse of WMI for process enumeration\r\nThe attacker utilized Windows Management Instrumentation (WMI) to determine if Microsoft Edge or Google\r\nChrome was running on the system. By leveraging PowerShell commands that query WMI objects, the attacker\r\nwas able to enumerate active processes associated with these web browsers (Figure 8). 
The following commands\r\nwere observed:\r\nC:\\windows\\system32\\cmd.exe /d /s /c \"powershell.exe \"Get-WmiObject Win32_Process | Where-Object {\r\n$_.Name -eq 'chrome.exe' }\"\"\r\nC:\\windows\\system32\\cmd.exe /d /s /c \"powershell.exe \"Get-WmiObject Win32_Process | Where-Object {\r\n$_.Name -eq 'msedge.exe' }\"\"\r\nSoftware enumeration via registry queries\r\nShortly after checking for browsers, the attacker performed a series of registry queries to enumerate installed\r\nsoftware, the majority of which were security and AV products (Figure 9). During this process, the attacker also\r\nattempted to discover uninstall strings or configuration settings present in the registry that could potentially be\r\nused for further automated actions.\r\nC:\\windows\\system32\\cmd.exe /d /s /c \"reg query\r\n\"HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Bitdefender\" /v \"UninstallString\"\"\r\nC:\\windows\\system32\\cmd.exe /d /s /c \"reg query \"HKCU\\Software\\KasperskyLabSetup\"\"\r\nC:\\windows\\system32\\cmd.exe /d /s /c \"reg query\r\n\"HKLM\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\REC\" /v \"UninstallString\"\"\r\nC:\\windows\\system32\\cmd.exe /d /s /c \"reg query\r\n\"HKLM\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\G DATA ANTIVIRUS\" /v\r\n\"UninstallString\"\"\r\nC:\\windows\\system32\\cmd.exe /d /s /c \"reg query \"HKCU\\Software\\Zillya\\Zillya Antivirus\"\"\r\nC:\\windows\\system32\\cmd.exe /d /s /c \"reg query\r\n\"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\EPISoftware EpiBrowser\" /v \"UninstallString\"\"\r\nC:\\windows\\system32\\cmd.exe /d /s /c \"reg query \"HKCU\\Software\\CheckPoint\\ZANG\"\"\r\nC:\\windows\\system32\\cmd.exe /d 
/s /c \"reg query \"HKLM\\Software\\Fortinet\"\"\r\nProcess termination\r\nFollowing process inspection and security product enumeration, the adversary forcibly terminated the Microsoft\r\nEdge and Chrome browsers, likely to free files for credential theft or to avoid user detection (Figure 10).\r\ntaskkill /F /IM msedge.exe\r\ntaskkill /IM msedge.exe\r\ntaskkill /F /IM chrome.exe\r\ntaskkill /IM chrome.exe\r\nCredential data duplication from browser profiles\r\nBased on telemetry, the attacker created copies of both the “Web Data” and “Preferences” files from Microsoft\r\nEdge and Google Chrome browser profiles (Figure 11). They then appended “Sync” to the filenames (resulting in\r\n“Web Data Sync” and “Preferences Sync”) and stored them in the same directory paths, such as:\r\nC:\\Users\\{User Name}\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Web Data Sync\r\nC:\\Users\\{User Name}\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Preferences Sync\r\nC:\\Users\\{User Name}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data Sync\r\nC:\\Users\\{User Name}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences Sync\r\nMalicious JavaScript file analysis\r\nObfuscation techniques\r\nThe malware employs multiple layers of code obfuscation to hinder analysis and evade detection, primarily\r\nthrough control flow flattening. It encodes all function names and strings using Unicode escape sequences to\r\nconceal their true purpose, uses meaningless variable names, and implements self-cleaning techniques that\r\ntemporarily modify system objects before erasing all traces of activity. 
These methods turn otherwise simple\r\noperations into complex puzzles that are extremely difficult for security tools to analyze statically.\r\nAnti-analysis loops\r\nThe malware uses advanced anti-analysis techniques that significantly hinder static code analysis and increase\r\nreverse engineering difficulty. The following summarizes its approach:\r\nImplements anti-analysis loops using MurmurHash3 32-bit hashing to generate unpredictable control flow\r\nconditions.\r\nEach loop operates by converting its counter to a string, calculating a hash (using the counter value, string\r\nlength, and specific magic constants), and then comparing the result to pre-calculated target values\r\nintended to match only on the first iteration.\r\nThis technique creates the appearance of potentially infinite loops to static analysis tools; in reality, each\r\nloop executes only once.\r\nWithin these loops, the malware dynamically constructs critical strings (such as “NextUrl,” “Activity,” and\r\n“iid”) and performs other operations disguised as complex mathematical verification routines.\r\nEmploys dual hash verification layers, utilizing primary and fallback checks to further complicate analysis.\r\nAdds additional obfuscation through bitwise operations and negative constants, making the logic more\r\nchallenging to deduce.\r\nEnsures that altering or skipping the loops disrupts the hash calculations and impedes proper malware\r\nexecution, effectively compelling analysts to rely on dynamic rather than static analysis.\r\nNetwork communication configuration\r\nThe malware begins execution by setting up the command-and-control (C\u0026C) configuration and initializing the\r\nobfuscated runtime environment. It includes a DEFAULT_CONFIG section that contains all the essential\r\nparameters required to establish and maintain communication with its C\u0026C infrastructure (Figure 12).
\r\ndomain - specifies the C\u0026C server endpoint used for sending and receiving information\r\niid - acts as a unique instance identifier, serving both as a means of tracking individual infections and as a\r\ncryptographic key to encrypt transmitted data\r\nprogress - appears in the JSON payload and may function as an additional identifier\r\nversion - sent via the URL and is likely used to indicate the malware build version\r\nMain execution loop\r\nEvilAI has a main command processing function that orchestrates the complete malware workflow (Figure 14). It\r\ncommunicates with the C\u0026C server to retrieve encrypted commands, decrypts the response using a session key,\r\nand parses the JSON command structure. The function then processes commands by type, including file\r\noperations (download/write), registry modifications, process execution, and script handling. After execution, it\r\nreports the completion status and may use the NextUrl parameter to fetch additional commands. This cycle is\r\nrepeated continuously, enabling the malware to maintain control and execute complex operations.\r\nMain command-and-control communication\r\nEvilAI initiates communication with its C\u0026C server by sending encrypted session data that includes activity\r\nstatus, progress identifier from configuration, and timestamps (Figure 15). The communication workflow covers\r\nthe entire process – creating JSON payloads, encrypting the data, transmitting it over HTTPS, and parsing the\r\nserver’s encrypted response to extract command data. 
Once commands are decrypted, the malware executes them,\r\nreports the results back to the C\u0026C via HTTPS POST, and continues the cycle to maintain ongoing control.\r\nHTTP/HTTPS communication handler\r\nEvilAI leverages Node.js http and https modules to create and execute HTTP POST requests with Promise-based\r\nhandling. The function automatically determines whether to use HTTP or HTTPS, constructs request options with\r\nthe required headers, and manages response data through streaming (Figure 16). It also incorporates robust error\r\nhandling to ensure resilience against network failures, allowing reliable communication with the C\u0026C\r\ninfrastructure.\r\nData encryption/decryption function\r\nEvilAI employs AES-256-CBC encryption to secure JSON payloads sent to its C\u0026C server, including session data\r\nsuch as activity status, progress identifiers, timestamps, and command responses (Figure 17). The encryption key\r\nis derived from the malware’s unique instance ID (UUID), and the data is further encoded with base64 before\r\ntransmission.\r\nThe malware also performs AES-256-CBC decryption on command data received from its C\u0026C server, using the\r\nmalware’s unique instance ID to derive the decryption key (Figure 18). 
The function extracts the first 32 bytes as\r\nthe initialization vector (IV), builds an AES decipher with the derived key and IV, and processes the remaining\r\nencrypted payload while skipping the first 36 bytes.\r\nWith communication and encryption established, EvilAI proceeds to interpret the decrypted payloads, which\r\ncontain the backdoor commands that drive its core malicious operations.\r\nBackdoor commands\r\nEvilAI’s backdoor operations are driven by a central command-handling function that continuously interprets\r\ndecrypted JSON payloads from the C\u0026C server. Rather than relying on specific trigger strings, the malware\r\nmaintains persistent, autonomous communication, instantly processing any structured commands it receives and\r\nensuring the attacker retains uninterrupted control of the infected system.\r\nAt the core of this workflow is the main command execution dispatcher (Figure 19), which validates that each\r\ncommand structure contains the required Value field before systematically executing four categories of operations\r\nin sequence:\r\n1. File downloads via the dedicated downloader\r\n2. File write operations\r\n3. Registry manipulations\r\n4. Process executions\r\nEvilAI’s file download mechanism is divided into two complementary routines. As shown in Figure 20, the low-level HTTPS helper – function u() – handles individual network operations: it takes a URL and target file path,\r\ncreates an HTTPS GET request, streams the response data directly to a file using fs.createWriteStream, and\r\nvalidates HTTP status codes (ensuring 200 OK).\r\nThe malware uses a high-level command processor that manages multiple downloads from C\u0026C server\r\ncommands (Figure 21). 
It processes arrays of download command objects, validates each command’s structure for\r\nrequired Path and Data fields, expands Windows environment variables (like %TEMP%) in file paths, and calls\r\nthe low-level helper for each download to retrieve files from remote URLs and save them locally.\r\nEvilAI’s registry manipulation capabilities are managed through a multi-tiered function structure. The registry\r\noperations dispatcher (Figure 22) processes arrays of commands received from the C\u0026C server, parsing registry\r\npaths to extract root keys (like HKEY_LOCAL_MACHINE) and subkey components, expanding environment\r\nvariables in registry data values, and routing commands based on the Action field (3 for add, 4 for delete). It then\r\ncalls the appropriate helper functions to execute the modifications.\r\nThe addition routine constructs Windows registry paths and executes reg add via spawnSync, specifying the root\r\nkey, subkey, value name, type (REG_SZ), and data content, forcibly overwriting existing values and returning\r\nnumeric status codes to indicate success or failure (Figure 23).\r\nConversely, the deletion routine constructs paths and executes reg delete via spawnSync with the /f force flag,\r\nremoving specified values while returning status codes to indicate success or failure, enabling the malware to\r\nperform cleanup or anti-forensics operations on the system (Figure 24).\r\nEvilAI uses a process execution handler that manages arrays of command execution requests from the C\u0026C server\r\n(Figure 25). It validates each command to ensure it contains a valid Data field (the command string) and an Action\r\nfield set to 6, indicating process execution. 
The function then spawns detached processes using Node.js\r\nchild_process.exec with detached: true and stdio: 'ignore' for stealth, running each command independently of the\r\nmalware’s main process via unref() to prevent blocking. This routine serves as EvilAI’s primary mechanism for\r\nexecuting arbitrary system commands, scripts, or additional malicious payloads, providing full remote command\r\nexecution capabilities under the control of the C\u0026C server.\r\nEvilAI uses a file writing operations processor that manages arrays of file write commands received from the\r\nC\u0026C server (Figure 26). Each command is validated to ensure it contains a valid Path and Data field, with the\r\nAction field set to 3 to indicate a file write operation. The processor expands Windows environment variables\r\n(such as %TEMP% and %APPDATA%) in target file paths using regex replacement with process.env substitution,\r\ndecodes hexadecimal-encoded data from the Data field, and writes the resulting binary content to the specified\r\npath using a helper routine with UTF-8 encoding. This routine serves as a critical component of the malware’s\r\npayload deployment system, enabling the C\u0026C server to remotely create configuration files, malicious scripts, or\r\nother files necessary for persistence and further operations on the infected Windows system.\r\nDefense strategies\r\nWith the rapid advancement of threats like EvilAI, it is more important than ever to combine strong cyber hygiene\r\nwith state-of-the-art protection. Trend recommends the following strategies to help readers defend against\r\nsophisticated, AI-powered malware:\r\nDownload software only from trusted sources. Stick to official websites and reputable app stores. 
Be\r\nskeptical of programs advertised on forums, social media, or unfamiliar websites – even if they look\r\nprofessional or have digital signatures.\r\nLeverage advanced security solutions. Deploy solutions that use behavioral analysis and AI-driven\r\ndetection to block novel and stealthy threats that traditional security may miss.\r\nKeep systems and applications updated. Ensure operating systems and all critical applications are\r\nregularly patched to address vulnerabilities that attackers may exploit.\r\nEducate and alert users. Train everyone in your organization or home about the dangers of social\r\nengineering, and make it clear that even polished or signed software can pose risks.\r\nMonitor for suspicious behavior. Look out for unexpected process launches, new scheduled tasks,\r\nunusual registry entries, or connections to unknown domains – all signs that may indicate malware activity.\r\nAdopt a layered security approach. Combine multiple defensive measures and maintain ongoing\r\nvigilance, as advanced threats like EvilAI constantly evolve to bypass single-layer protections.\r\nUpdate credentials if compromise is suspected. In the event that an infostealing routine is detected or\r\nsuspected to have been executed, immediately update all potentially compromised credentials (such as\r\npasswords, API keys, and authentication tokens) to prevent unauthorized access and further damage.\r\nBy practicing these security fundamentals and enhancing your defenses with Trend’s next-generation solutions,\r\nyou can significantly reduce your risk of EvilAI infection and stay ahead of emerging malware threats.\r\nConclusion\r\nRecent analysis indicates that EvilAI is being used primarily as a stager – its role is to gain initial access, establish\r\npersistence, and prepare the infected system for additional payloads. 
Based on behavioral patterns observed during\r\nsandbox analysis and live telemetry, researchers suspect a secondary infostealer component is being deployed in\r\nfollow-up stages. However, the exact nature and capabilities of this payload remain undiscovered, leaving critical\r\ngaps in defenders’ visibility and response efforts.\r\nThis lack of clarity poses a significant risk. Without knowing what’s being delivered post-infection, organizations\r\ncannot fully assess the damage or implement effective containment. It also suggests the campaign is still active\r\nand evolving, with attackers possibly testing or rotating payloads in real time.\r\nThe rise of AI-powered malware like EvilAI underscores a broader shift in the threat landscape. AI is no longer\r\njust a tool for defenders – it’s now being weaponized by threat actors to produce malware that is smarter,\r\nstealthier, and more scalable than ever before. In this environment, familiar software, signed certificates, and\r\npolished interfaces can no longer be taken at face value.\r\nAs attackers continue to innovate, so must defenders. Relying solely on signature-based detection or user\r\nawareness is no longer enough. The EvilAI campaign is a clear reminder that layered, adaptive, and AI-aware\r\ndefenses are now essential to stay ahead of threats that are constantly learning and evolving.\r\nProactive security with Trend Vision One™\r\nTrend Vision One™ is the only AI-powered enterprise cybersecurity platform that centralizes\r\ncyber risk exposure management, security operations, and robust layered protection. This holistic approach helps\r\nenterprises predict and prevent threats, accelerating proactive security outcomes across their respective digital\r\nestate. 
With Trend Vision One, you’re enabled to eliminate security blind spots, focus on what matters most, and\r\nelevate security into a strategic partner for innovation.\r\nTrend Vision One™ Threat Intelligence\r\nTo stay ahead of evolving threats, Trend customers can access Trend Vision One™ Threat Insights,\r\nwhich provides the latest insights from Trend Research on emerging threats and threat actors.\r\nTrend Vision One Threat Insights\r\nEmerging Threats: The Rise of EVILAI — Fake Software, Real Threats\r\nTrend Vision One Intelligence Reports (IOC Sweeping)\r\nThe Rise of EVILAI — Fake Software, Real Threats\r\nHunting Queries\r\nTrend Vision One Search App\r\nTrend Vision One customers can use the Search App to match or hunt the malicious indicators mentioned in this\r\nblog post with data in their environment.\r\nDetection of EVILAI samples\r\nmalName: *.EVILAI.* AND eventName: MALWARE_DETECTION\r\nMore hunting queries are available for Trend Vision One customers with Threat Insights Entitlement enabled.\r\nIndicators of compromise (IOCs)\r\nThe indicators of compromise for this entry can be found here.\r\nSource: https://www.trendmicro.com/en_us/research/25/i/evilai.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.trendmicro.com/en_us/research/25/i/evilai.html"
	],
	"report_names": [
		"evilai.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775791328,
	"ts_updated_at": 1775791336,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c515f819a0e84fdcce83c32d2cae4b1ad8134ba5.pdf",
		"text": "https://archive.orkl.eu/c515f819a0e84fdcce83c32d2cae4b1ad8134ba5.txt",
		"img": "https://archive.orkl.eu/c515f819a0e84fdcce83c32d2cae4b1ad8134ba5.jpg"
	}
}