"AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security"
A proof-of-concept (POC), Artificial Intelligence (AI)-powered cyberattack that can quickly change its code is capable of evading the latest automated security-detection technologies, indicating the potential for undetectable malware. BlackMamba, a POC attack demonstrated by HYAS Labs, uses a Large Language Model (LLM), the technology on which ChatGPT is built, to generate polymorphic keylogger functionality. According to the researchers, the attack is "truly polymorphic" in that BlackMamba resynthesizes its keylogging ability each time it executes.

The BlackMamba attack illustrates how AI can enable malware to modify its code dynamically at runtime without any command-and-control (C2) infrastructure, allowing it to evade current automated security solutions aimed at detecting this type of behavior. Traditional security solutions, such as Endpoint Detection and Response (EDR), use multi-layer data intelligence systems to combat some of today's most sophisticated threats. According to the HYAS Labs researchers, most automated controls claim to prevent novel or irregular behavior patterns, but in practice this is quite uncommon. They tested the attack against an EDR system that was not named but was described as "industry leading."

BlackMamba can collect sensitive information from a device, including usernames, passwords, and credit card numbers, using its built-in keylogging ability. After capturing this data, the malware uses Microsoft Teams, a common and trusted collaboration platform, to deliver it to a malicious Teams channel. This article continues to discuss the demonstrated BlackMamba attack.
Dark Reading reports "AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security"