

Ethical Hacking News

Unveiling the Slopoly Malware: A Case Study on AI-Assisted Ransomware Development


IBM X-Force researchers uncovered a new AI-generated malware strain dubbed Slopoly, which was used in an Interlock ransomware attack. The backdoor, created using generative AI tools, allowed attackers to remain on compromised servers for over a week and steal sensitive data. This latest example highlights the growing threat posed by AI-assisted ransomware development, emphasizing the need for security professionals to stay vigilant and develop effective countermeasures.

  • The recent rise of artificial intelligence (AI) and machine learning (ML) tools has led to the development of more sophisticated malware, such as Slopoly.
  • The Interlock ransomware attack utilized a ClickFix social engineering flow to trick victims into installing the malicious Slopoly backdoor.
  • The Slopoly malware was likely created using generative AI tools, which enabled its developers to create a customized yet unsophisticated backdoor.
  • The code contained extensive commentary and structured logging, which are rare in human-developed malware; the backdoor let the attackers maintain access to compromised servers for over a week.
  • The Interlock ransomware payload is a 64-bit Windows executable delivered via the JunkFiction loader, which can execute as a scheduled task under the SYSTEM context.
  • The attackers are believed to be financially motivated and have previous associations with other malware families, including Broomstick and Rhysida ransomware operators.
  • The discovery of Slopoly highlights the growing threat posed by AI-generated malware and emphasizes the need for security professionals to stay vigilant and develop new strategies for detecting and mitigating these threats.



    The world of cybersecurity has witnessed a significant shift in recent years, with the rise of artificial intelligence (AI) and machine learning (ML) tools being harnessed by malicious actors to develop more sophisticated and evasive malware. The latest example of this trend is the Slopoly malware, which was recently discovered by IBM X-Force researchers as part of a ransomware attack dubbed Interlock.

    The Interlock ransomware attack began with a ClickFix social engineering flow, which targeted unsuspecting victims and tricked them into installing a malicious payload on their systems. The payload, in this case, was the Slopoly backdoor, which allowed the attackers to maintain access to compromised servers for over a week and steal sensitive data.

    The Slopoly malware is believed to have been created using generative AI tools, which enabled its developers to create a customized yet unsophisticated backdoor. The researchers found that the code contained extensive commentary, structured logging, error handling, and clearly named variables – all of which are rare in human-developed malware.

    These features suggest that Slopoly was generated by a builder who inserted configuration values such as beaconing intervals, command-and-control addresses, mutex names, and session IDs. This approach allowed the attackers to create a customized backdoor that could be easily integrated into their ransomware attack chain.

    The Interlock ransomware payload observed in these attacks is a 64-bit Windows executable delivered via the JunkFiction loader. It can execute as a scheduled task running under the SYSTEM context, uses the Windows Restart Manager API to release locked files, and appends the ‘.!NT3RLOCK’ or ‘.int3R1Ock’ extension to their encrypted copies.
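    A detection sketch for the extension behaviour described above, added here as an example and not taken from the IBM X-Force report or from this article's sources. The pipe-delimited event format, host names, process paths and the burst threshold are all constructed assumptions; only the two extensions come from the article.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions named in the article, casefolded because Windows paths
# are case-insensitive and a rule should not depend on exact casing.
INTERLOCK_EXTS = (".!nt3rlock", ".int3r1ock")

# Constructed file-creation events (not real telemetry):
# timestamp|host|creating process|created file
SAMPLE_EVENTS = r"""
2026-03-10T02:14:01|FS01|C:\Windows\Temp\upd.exe|D:\share\q1.xlsx.!NT3RLOCK
2026-03-10T02:14:02|FS01|C:\Windows\Temp\upd.exe|D:\share\q2.xlsx.!nt3rlock
2026-03-10T02:14:04|FS01|C:\Windows\Temp\upd.exe|D:\share\hr\staff.docx.int3R1Ock
2026-03-10T02:15:30|FS01|C:\Program Files\Editor\edit.exe|D:\share\notes.txt
2026-03-10T09:00:00|WS07|C:\Windows\explorer.exe|C:\Users\a\Desktop\sample.!NT3RLOCK
"""

def find_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {(host, process): [original file paths]} for every process that
    created at least `threshold` Interlock-suffixed files within `window`."""
    hits = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, host, image, target = line.strip().split("|", 3)
        folded = target.casefold()
        for ext in INTERLOCK_EXTS:
            if folded.endswith(ext):
                # Stripping the suffix recovers the name of the file that was encrypted.
                hits[(host, image)].append(
                    (datetime.fromisoformat(ts), target[:-len(ext)]))
                break
    flagged = {}
    for key, items in hits.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[key] = [path for _, path in items]
                break
    return flagged

if __name__ == "__main__":
    for (host, image), files in find_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(host, image, files)
```

    The single suffixed file on WS07 stays below the threshold, so a lone sample copied by an analyst does not raise the same alert as a process rewriting a share.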

    IBM X-Force researchers attribute the attack to a financially motivated group they track as Hive0163, "whose main objective is extortion through large-scale data exfiltration and ransomware." The attackers are believed to be a well-established group with previous associations with other malware families, including Broomstick, SocksShell, PortStarter, SystemBC, and Rhysida ransomware operators.

    The discovery of the Slopoly malware serves as a stark reminder that AI-powered malware development is becoming increasingly prevalent in the world of cybersecurity. While the Slopoly backdoor itself may not be particularly sophisticated, its deployment in ransomware attack chains indicates that malicious actors are actively using AI tools to accelerate custom malware development and evade detection.

    As AI-generated malware continues to emerge, it is essential for security professionals to stay vigilant and develop new strategies for detecting and mitigating these threats. The IBM X-Force report provides a detailed analysis of the Slopoly malware and its role in the Interlock ransomware attack, offering valuable insights into the tactics and techniques used by malicious actors.

    In conclusion, the Slopoly malware serves as a case study on AI-assisted ransomware development, highlighting the growing threat posed by generative AI tools to cybersecurity. As the world of cybersecurity continues to evolve, it is crucial that security professionals remain informed about emerging threats like Slopoly and develop effective countermeasures to protect against these evolving dangers.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Unveiling-the-Slopoly-Malware-A-Case-Study-on-AI-Assisted-Ransomware-Development-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/ai-generated-slopoly-malware-used-in-interlock-ransomware-attack/

  • https://thehackernews.com/2026/03/hive0163-uses-ai-assisted-slopoly.html

  • https://www.ibm.com/think/x-force/slopoly-start-ai-enhanced-ransomware-attacks

  • https://securityaffairs.com/189060/apt/iran-linked-muddywater-deploys-dindoor-malware-against-u-s-organizations.html


  • Published: Thu Mar 12 17:05:07 2026 by llama3.2 3B Q4_K_M












