
HP Report Reveals Growing Cyber Threats With Help From Generative AI


The report, which focuses on data from the second quarter of 2024, highlights that cybercriminals are continuing to adapt their methods to evade security measures.

HP Inc. (NYSE: HPQ) unveiled its latest Threat Insights Report at the HP Imagine event, shedding light on how cybercriminals are increasingly leveraging generative AI (GenAI) to craft malicious code. The report highlights various new tactics, including a sophisticated ChromeLoader campaign and the use of SVG images to embed malware.

Based on data collected from millions of endpoints running HP Wolf Security, the report provides a comprehensive look at real-world cyberattacks. It offers valuable insights into how threat actors are evolving their methods to breach systems and avoid detection in today’s rapidly changing cybersecurity landscape.

Generative AI Accelerating Malware Development

HP’s threat research team discovered an ongoing campaign targeting French speakers that uses malware believed to be developed with the help of GenAI tools. While AI’s role in crafting phishing lures is well-known, this is among the first documented cases where GenAI appears to assist in writing malicious code.

The malware uses VBScript and JavaScript, with clear indications of AI assistance, such as line-by-line comments and native language function names. The attack employs AsyncRAT malware, a freely available infostealer that records screens and captures keystrokes, showing how GenAI is lowering the entry barrier for cybercriminals.

Malvertising Leads To Rogue PDF Tools

A large-scale ChromeLoader campaign is also a growing concern. Cybercriminals are using malvertising—ads with malicious intent—around popular search terms to lure users into downloading seemingly legitimate PDF tools. These applications, while functional, contain hidden malicious code packaged in MSI files. The use of valid code-signing certificates allows attackers to bypass Windows security protocols, making infections more likely.

Once installed, these fake PDF tools take control of the user’s browser, redirecting searches to attacker-controlled websites.

Malware Hidden In SVG Images

Another emerging tactic highlighted in the report is the use of Scalable Vector Graphics (SVG) images to smuggle malware. SVGs, an XML-based format widely used in graphic design, automatically open in web browsers. Cybercriminals are embedding JavaScript in these images, which then executes when the image is viewed, leading to the installation of various types of infostealer malware.
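The defensive counterpart to the SVG technique described above is to treat SVG as what it is, an XML document that may carry script, and to inspect it before it reaches a browser. The scanner below is an added example written for this article, not code from HP or from the report; it parses an SVG with Python's standard library and flags the constructs that can execute JavaScript (`<script>` and similar active elements, `on*` event-handler attributes, and `javascript:` URLs). The two sample files are constructed for the example, and the script inside the second one is deliberately inert.

```python
"""Flag active content in SVG files before they are opened in a browser.

Added example (not from HP's report): an SVG is XML, so the same parser
that reads a logo can also reveal the elements and attributes that make
the file executable. Intended for a mail gateway, upload handler or
triage script that quarantines suspicious attachments for review.
"""
import re
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"

# Element types that carry or load executable content inside an SVG.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# Attributes whose value may be a URL; a javascript: scheme runs code on click.
URL_ATTRS = {"href", f"{{{XLINK_NS}}}href"}
JS_URL = re.compile(r"^\s*javascript:", re.IGNORECASE)


def _local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def scan_svg(data: bytes) -> list[str]:
    """Return a list of findings for one SVG; an empty list means nothing active.

    Note: xml.etree does not protect against entity-expansion attacks; in
    production, parse with defusedxml or disable DTD processing first.
    """
    findings: list[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # A file that claims to be SVG but does not parse is itself suspicious.
        return [f"unparseable XML: {exc}"]

    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")

    for elem in root.iter():  # depth-first over every element, root included
        name = _local(elem.tag)
        if name in ACTIVE_TAGS:
            findings.append(f"active element <{name}>")
        for attr, value in elem.attrib.items():
            aname = _local(attr)
            if aname.lower().startswith("on"):
                # onload, onclick, onmouseover ... all run script when triggered.
                findings.append(f"event handler {aname} on <{name}>")
            elif attr in URL_ATTRS and JS_URL.match(value):
                findings.append(f"javascript: URL in {aname} on <{name}>")
    return findings


# Constructed sample: a plain vector drawing with no active content.
CLEAN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="blue"/>
</svg>"""

# Constructed sample standing in for the kind of file the report describes.
# The embedded script only logs a string; it is here so the scanner has
# something to find, not as a payload.
ACTIVE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script><![CDATA[ function init() { console.log("sample"); } ]]></script>
  <a xlink:href="javascript:init()"><text x="0" y="10">open</text></a>
</svg>"""


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SVG), ("active", ACTIVE_SVG)):
        result = scan_svg(sample)
        print(f"{label}: {'no findings' if not result else result}")
```

Two practical points for deployment: a script-bearing SVG does not run when a page references it through an `<img>` tag, but it does run when the file itself is opened in the browser, which is exactly what happens when a user double-clicks a downloaded attachment, so the check belongs at the point where the file is delivered rather than where it is displayed. And because the scanner keys on structure rather than on a byte signature, it catches the whole class of script-carrying SVGs instead of one campaign's sample.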

Patrick Schläpfer, Principal Threat Researcher at HP Security Lab, noted the significance of these findings: “Speculation about AI being used by attackers is rife, but evidence has been scarce, so this finding is significant. Typically, attackers like to obscure their intentions to avoid revealing their methods, so this behavior indicates an AI assistant was used to help write their code. Such capabilities further lower the barrier to entry for threat actors, allowing novices without coding skills to write scripts, develop infection chains, and launch more damaging attacks.”

Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc., added: “Threat actors are constantly updating their methods, whether it’s using AI to enhance attacks, or creating functioning-but-malicious tools to bypass detection. So, businesses must build resilience, closing off as many common attack routes as possible. Adopting a defense-in-depth strategy — including isolating high-risk activities like opening email attachments or web downloads — helps to minimize the attack surface and neutralize the risk of infection.”

Rising Threats & New Techniques

The report, which focuses on data from the second quarter of 2024, also highlights that cybercriminals are continuing to adapt their methods to evade security measures:

– At least 12 per cent of email threats detected by HP Sure Click bypassed one or more email gateway scanners, consistent with the previous quarter.
– The primary vectors for malware attacks were email attachments (61 per cent), browser downloads (18 per cent), and removable storage devices like USB drives (21 per cent).
– Archives remained the most common delivery method for malware, with ZIP files accounting for 26 per cent of the attacks.
