Researchers developed this stealth-attacking software
Enterprise network security researchers have worked with artificial intelligence to automatically detect and fight malware attacks, as well as to stop any kind of cyberattack before it affects any organization.
However, malicious agents can also use the same technology to develop new malware generations that can evade even the best security measures and infect a computer network or launch an attack with minimal user interaction required.
To exemplify these catastrophic scenarios, enterprise network security researchers developed DeepLocker, a new kind of “highly specific and evasive” computer attack tool powered by artificial intelligence, which hides its malicious intentions until it reaches a specific victim.
According to the team in charge of the project, DeepLocker operates under the radar without being detected and unleashes its harmful actions as soon as the artificial intelligence scheme identifies the target of the attack through indicators as facial recognition, geolocation and voice recording.
Described as a traditional “spray and pray” attack variant, enterprise network security investigators believe that this type of stealth malware powered by artificial intelligence is particularly dangerous because it could infect millions of systems without being detected.
This malware can hide its malicious load while hosted in benign applications (such as videoconferencing software) to avoid being detected by most antivirus and malware scanners until it reaches its target, identified by artificial intelligence processes. “What makes DeepLocker a one of a kind tool is that artificial intelligence makes it impossible to use reverse engineering on its triggering conditions to deploy the attack” the researchers explained. This means that malicious components will only be released if the target is reached.
To demonstrate the capabilities of DeepLocker, enterprise network security investigators designed a proof of concept, hiding a sample of WannaCry ransomware in a videoconferencing application so that it was not detected by any security tool.
Given its activation conditions, DeepLocker did not unlock or execute the ransomware in the system until it recognized the selected victim’s face, target determined by photos of the victim available online. So, the only thing that DeepLocker needs is a photo, which anyone can get from any social network page.
Enterprise network security experts from the International Institute of Cyber Security claim that DeepLocker project managers will offer details and live demonstrations of the proof of concept for this tool in further cyber security forums.