AI Capable of Generating 10,000 Malware Variants, Evading Detection in 88% of Cases

Cybersecurity experts have raised concerns over the use of large language models (LLMs) to generate new variants of malicious JavaScript code, a method that can significantly enhance malware's ability to bypass detection.

According to researchers from Palo Alto Networks Unit 42, LLMs may not be capable of writing malware from scratch, but they are highly effective at rewriting or obfuscating existing malicious code so that security tools are less likely to flag it. Criminals can use LLMs to turn known malware into new variants whose code looks more natural, thereby circumventing detection.

The research highlights that over time, this approach could degrade the performance of malware classification systems, making previously identified malicious code appear benign. Researchers used LLMs to iteratively rewrite malware samples, generating 10,000 unique JavaScript variants that preserved the original functionality but evaded detection by machine learning models, such as Innocent Until Proven Guilty (IUPG) and PhishingJS.

The study demonstrated that 88% of these new variants were classified as benign by malware detection systems. The modified code also successfully bypassed VirusTotal, a popular malware analysis platform, showcasing the effectiveness of LLM-driven obfuscation techniques.

While traditional malware obfuscation tools like obfuscator.io are easier to detect due to their predictable transformations, LLM-based obfuscation generates more natural-looking changes, making it a formidable challenge for security systems.

Unit 42 emphasized that while generative AI may increase the scale of new malicious code variants, the same techniques can be used to improve the training data of machine learning models, enhancing their ability to detect such threats in the future.
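The mechanism behind the two points above, as an added illustration that is not Unit 42's code and not part of the original article: a bag-of-tokens classifier trained on raw JavaScript tokens learns identifier names as evidence, so a semantics-preserving rewrite that renames identifiers to benign-looking ones flips its verdict, while the same classifier fed identifier-agnostic features (identifiers, strings and numbers collapsed to placeholders, keywords and well-known API names kept) still flags the variant. The JavaScript snippets, the `KEEP` list, the log-odds classifier standing in for models such as IUPG, and the `rewrite` helper standing in for LLM rewriting are all constructed assumptions for this example; `rewrite` doubles as the kind of training augmentation the last paragraph describes.

```python
"""Added example (not Unit 42's code): surface-level token features are
brittle against semantics-preserving rewrites; identifier-agnostic
features are not. All JavaScript below is a constructed toy corpus."""
import math
import re
from collections import Counter

# Constructed toy corpus: the "malicious" family decodes a blob and evals it.
MALICIOUS = [
    "var payload = atob('ZXZhbA=='); eval(payload);",
    "function run(d) { var s = atob(d); eval(s); } run(blob);",
    "let enc = window.atob(data); document.write(eval(enc));",
]
BENIGN = [
    "function add(a, b) { return a + b; } console.log(add(1, 2));",
    "var total = 0; for (var i = 0; i < 10; i++) { total += i; }",
    "document.getElementById('out').textContent = add(total, i);",
]
TRAIN = [(s, "malicious") for s in MALICIOUS] + [(s, "benign") for s in BENIGN]

# Strings, numbers, identifiers, single punctuation characters.
TOKEN_RE = re.compile(r"'[^']*'|\"[^\"]*\"|\d+|[A-Za-z_$][\w$]*|[^\s\w]")
# Keywords and runtime/API names that carry behaviour and survive any rename
# (assumed list for this example).
KEEP = {"var", "let", "const", "function", "return", "for", "if", "new",
        "eval", "atob", "btoa", "Function", "window", "document", "console",
        "log", "write", "getElementById", "textContent"}


def tokens(src):
    """Raw feature view: every token as written, identifiers included."""
    return TOKEN_RE.findall(src)


def normalise(src):
    """Identifier-agnostic view: ID/STR/NUM placeholders, KEEP names intact."""
    out = []
    for t in tokens(src):
        if t in KEEP or not (t[0].isalnum() or t[0] in "_$'\""):
            out.append(t)            # keyword, API name, or punctuation
        elif t[0] in "'\"":
            out.append("STR")
        elif t[0].isdigit():
            out.append("NUM")
        else:
            out.append("ID")
    return out


def rewrite(src, renames):
    """Semantics-preserving rename of whole identifier tokens; usable both as
    a stand-in for LLM rewriting and as defender-side training augmentation."""
    return TOKEN_RE.sub(lambda m: renames.get(m.group(0), m.group(0)), src)


def train(samples, featurise):
    """Per-class document frequency of each distinct feature."""
    df = {"malicious": Counter(), "benign": Counter()}
    for src, label in samples:
        df[label].update(set(featurise(src)))
    return df


def classify(src, model, featurise):
    """Sum of Laplace-smoothed log-odds over the sample's distinct features."""
    score = sum(math.log((model["malicious"][t] + 1) / (model["benign"][t] + 1))
                for t in set(featurise(src)))
    return "malicious" if score > 0 else "benign"


def compare(src):
    """(verdict with raw tokens, verdict with normalised tokens)."""
    raw = classify(src, train(TRAIN, tokens), tokens)
    norm = classify(src, train(TRAIN, normalise), normalise)
    return raw, norm


# Constructed variant: same behaviour as MALICIOUS[1], benign-looking names.
VARIANT = rewrite(MALICIOUS[1], {"run": "add", "d": "a", "s": "b", "blob": "total"})

if __name__ == "__main__":
    print("original :", compare(MALICIOUS[1]))   # ('malicious', 'malicious')
    print("variant  :", compare(VARIANT))        # ('benign', 'malicious')
    print("benign   :", compare(BENIGN[0]))      # ('benign', 'benign')
```

The raw-token model is fooled because `add`, `a`, `b` and `total` all occur only in benign training samples and outweigh `atob` and `eval`; the normalised model never saw those names as features, so the decode-then-eval shape is all that remains and the verdict holds. Running `rewrite` over the training set with many name maps, and retraining, is the augmentation route the article mentions; the feature-normalisation route shown here removes the brittle evidence instead of trying to out-generate it.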

TPUXtract Attack Targets Google Edge TPUs

In another cybersecurity revelation, researchers from North Carolina State University unveiled a side-channel attack called TPUXtract, which targets Google Edge Tensor Processing Units (TPUs). The attack allows attackers to perform model stealing with 99.91% accuracy, potentially enabling intellectual property theft or further cyberattacks.

The TPUXtract attack exploits electromagnetic signals emitted by TPUs during neural network inference processes. By capturing these signals, attackers can infer hyperparameters like layer configurations, node count, kernel sizes, and activation functions, effectively reconstructing the high-level features of the AI model. However, this attack requires physical access to the target device and specialized equipment to capture the signals.

This new attack represents the first comprehensive method capable of extracting previously unseen models, presenting a significant security concern for AI systems that rely on TPUs.

AI Frameworks Vulnerable to Manipulation Attacks

In yet another troubling development, researchers at Morphisec disclosed that AI frameworks like the Exploit Prediction Scoring System (EPSS) are susceptible to adversarial attacks that manipulate risk assessments of software vulnerabilities.

EPSS is widely used by security vendors to predict the likelihood of known vulnerabilities being exploited in the wild. However, attackers can manipulate the system’s input signals, such as social media mentions and public code availability, to artificially inflate the activity metrics of specific vulnerabilities. This can mislead organizations into overestimating or underestimating the severity of a threat.

A proof-of-concept attack demonstrated that by generating fake social media posts or creating an empty GitHub repository linked to an exploit, threat actors could increase the perceived exploitability of a vulnerability. For instance, after injecting artificial activity, the likelihood of a vulnerability being exploited rose from 0.1 to 0.14, while its percentile ranking increased from the 41st to the 51st percentile, pushing it above the median threat level.

These findings underscore the potential risks of relying on external signals in AI-driven vulnerability management systems and highlight the need for enhanced protections against manipulation.

As AI and machine learning continue to evolve, these emerging threats emphasize the need for continuous advancements in security measures to safeguard against both human and AI-driven cyberattacks.