Fake AI guides mask AsyncRAT campaign

Cybercriminals are using counterfeit AI learning material and developer guides to lure professionals into opening files that trigger a multi-stage malware chain ending in AsyncRAT, a remote access trojan capable of surveillance, data theft and covert system control.

The campaign targets Windows users with archives and documents framed as useful resources for artificial intelligence adoption, coding and marketing. One lure was presented as a developer guide for agentic coding with Claude Code, while other decoy titles referred to AI-ready data systems and marketing in the age of AI. The approach reflects a wider shift in cybercrime: attackers are no longer relying only on crude phishing attachments, but are packaging malware inside material that appears relevant to employees trying to keep pace with AI tools.

The infection begins with a compressed archive containing a shortcut file and hidden PDF files. The visible file appears harmless, but the shortcut launches an obfuscated command sequence using native Windows tools. Instead of calling an obvious executable, the command reads selected lines from one hidden PDF and treats the file as a container for staged malicious code.


That first stage extracts and runs PowerShell commands while suppressing visible windows and bypassing execution restrictions. The embedded script searches for concealed data markers inside the PDF, decodes Base64 content, applies PBKDF2 key derivation and AES-CBC decryption, then writes another PowerShell script into the user’s application data directory. The use of a benign-looking document as a storage layer allows the attack to conceal payloads away from conventional attachment scanning.
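As an added triage example (not from the article and not the campaign's own tooling), the script below scans a PDF for long Base64 runs, decodes them, and checks whether the decoded text names the loader traits described above (PBKDF2 key derivation, AES decryption, a script dropped under the application data directory). The sample PDF, its markers and the indicator list are constructed here for illustration.

```python
import base64
import binascii
import re

# Constructed sample: a minimal PDF with a Base64 blob appended after %%EOF,
# mimicking a document abused as a payload container (illustrative text only).
STAGE_TEXT = (
    "$key = [Security.Cryptography.Rfc2898DeriveBytes]::new($pw, $salt, 10000)\n"
    "$aes = [Security.Cryptography.Aes]::Create(); $aes.Mode = 'CBC'\n"
    'Set-Content -Path "$env:APPDATA\\svc.ps1" -Value $plain\n'
)
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\ntrailer\n%%EOF\n"
    b"%%STAGE_BEGIN\n" + base64.b64encode(STAGE_TEXT.encode()) + b"\n%%STAGE_END\n"
)

# Long runs of Base64 alphabet; PDF syntax itself rarely produces these.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")

# Strings a decoded loader stage would plausibly contain (hypothetical list).
INDICATORS = (
    "Rfc2898DeriveBytes",       # PBKDF2 key derivation
    "Aes",                      # AES-CBC decryption
    "FromBase64String",
    "APPDATA",                  # script dropped under the user's app data dir
    "-ExecutionPolicy Bypass",
)


def decoded_base64_runs(data: bytes) -> list[tuple[int, bytes]]:
    """Return (line_number, decoded_bytes) for runs that decode cleanly."""
    runs = []
    for m in B64_RUN.finditer(data):
        try:
            blob = base64.b64decode(m.group(0), validate=True)
        except binascii.Error:
            continue  # bad padding or length: not a real Base64 run
        runs.append((data.count(b"\n", 0, m.start()) + 1, blob))
    return runs


def triage_pdf(pdf: bytes) -> dict:
    """Flag a PDF whose embedded Base64 decodes to text naming loader indicators."""
    hits, lines = set(), []
    for line_no, blob in decoded_base64_runs(pdf):
        found = [kw for kw in INDICATORS if kw in blob.decode("utf-8", "ignore")]
        if found:
            lines.append(line_no)
            hits.update(found)
    return {"blob_lines": lines, "indicators": sorted(hits),
            "suspicious": len(hits) >= 2}
```

The reported line numbers let an analyst go straight to the lines a shortcut would read out of the document; a single keyword hit is deliberately not enough to flag a file.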

The next phase creates a working directory under a path designed to resemble a legitimate Windows diagnostics component. Additional payloads are extracted from the same PDF, including scripts and batch files with names imitating Realtek audio services. A clean decoy PDF is also opened to reassure the victim that the downloaded guide was legitimate, while the malicious chain continues silently.

Persistence is established through scheduled tasks carrying audio-related names, including tasks configured to run after infection, at user logon and, where permitted, at system startup or daily intervals. This gives the attackers repeated opportunities to regain control even after a reboot. The campaign also attempts to reduce forensic traces by using temporary logs that are deleted after execution.

A notable feature is the abuse of AutoHotkey as an execution layer. The recovered executables match legitimate AutoHotkey binaries but are renamed to resemble Realtek components. Malicious logic is placed in AutoHotkey scripts, allowing the attackers to mutate scripts more easily and reduce dependence on custom compiled files that security tools may flag.

The loader reconstructs payloads from disguised text files and injects them into legitimate .NET Framework processes through process hollowing. It uses standard Windows API functions for creating suspended processes, allocating memory, writing malicious code and resuming execution, allowing the final payload to run under the cover of trusted system components.


The final stage includes a modular remote access trojan and AsyncRAT. The malware can contact command-and-control infrastructure, collect system details, identify the user and operating system, monitor security products, capture screen data, receive encrypted commands, load additional .NET assemblies directly in memory and run follow-on payloads. One AsyncRAT sample used a command-and-control address at 107.172.10.190, while related infrastructure included domains designed to resemble shampoo or cosmetics websites.

AsyncRAT remains attractive to attackers because it is open-source, flexible and widely adapted across criminal operations. Once installed, it can support remote desktop access, credential theft, file manipulation, command execution and further malware delivery. Its availability has made it common in phishing, loader and malware-as-a-service ecosystems.

The campaign also points to possible AI-assisted malware development. Several scripts contained Simplified Chinese variable names, structured comments and artefacts that appeared unsanitised, including an emoji-marked instruction line. The overall attack logic still suggests deliberate human planning, but the coding style indicates that generative tools may have helped speed up implementation.

The timing is significant as workplaces continue to adopt AI assistants, code-generation tools and prompt-based workflows. Developers, marketers, analysts and students are searching for guides, templates and utilities, creating a fertile environment for malicious downloads disguised as educational material. Similar operations have used fake AI websites, spoofed coding tools, malicious search advertisements and poisoned software recommendations to target users seeking productivity tools.



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.

