AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity.
Researchers at cybersecurity company Check Point discovered that threat actors can use AI services to relay communication between the C2 server and the target machine.
Attackers can exploit this mechanism to deliver commands and retrieve stolen data from victim systems.
The researchers created a proof-of-concept to show how it all works and disclosed their findings to Microsoft and xAI.
AI as a stealthy relay
Instead of malware connecting directly to a C2 server hosted on the attacker's infrastructure, Check Point’s idea was to have it communicate with an AI web interface, instructing the agent to fetch an attacker-controlled URL and receive the response in the AI’s output.
In Check Point's scenario, the malware interacts with the AI service using the WebView2 component in Windows 11. The researchers say that even if the component is missing on the target system, the threat actor can deliver it embedded in the malware.
WebView2 is used by developers to show web content in the interface of native desktop applications, thus eliminating the need of a full-featured browser.
The researchers created "a C++ program that opens a WebView pointing to either Grok or Copilot." This way, the attacker can submit to the assistant instructions that can include commands to be executed or extract information from the compromised machine.
Malware to AI agent interaction flow
... continue reading