When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works .
If you're thinking that a malware-scanning bot can't be that dumb as to follow any of those instructions, you're absolutely right — and that's exactly what makes the attack work, as the bots' failsafe mechanisms will trigger, so then they won't scan the rest of the file where the actual payload resides.
This is called an "adversarial attack" in AI parlance, and, generally speaking, it's not expected to be widely effective, but any little bit helps the malfeasants. Having said that, an X user had Anthropic Fable try to scan the file, and sure enough, he got the well-known "Chat paused" message. That is by no means scientific, and it's reasonable to assume that malware-scanning models will be configured more accurately for this task. However, this somewhat implies that a cursory check by a developer asking "does this Python package I just installed contain malware?" might be met with a reply of "of course not, boss, you're good to go!" Even bots scanning CI/CD development pipelines might fall for it.
Socket's blog post does remark that other analysis types will still work fine, including pattern matching, actually parsing the source code, checking for randomized sections likely to hide malicious payloads, and actually running the code in a sandboxed environment. The now-upgraded malware does reportedly contain a trigger that makes it wipe itself via various mechanisms, with a common one being detecting if it's running in a sandbox.
That's not the only skill that got levelled up, either. In some instances, the loading mechanism and the payload itself reside in separate packages that are commonly installed together; this sort of split is mostly unexpected for common scanners. This time around, the malware developers also leaned harder into precompiled binaries, commonly found in performance-sensitive Python packages. They also made sure that more payloads only trigger when the packages are actually initialized/run in the target's code (via Python's "import" statement), rather than when they're installed, further evading cursory detection.
Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud' malware infection
Google cybersecurity boffins found at least one AI-developed zero-day exploit
Key considerations
- Investor positioning can change fast
- Volatility remains possible near catalysts
- Macro rates and liquidity can dominate flows
Reference reading
- https://www.tomshardware.com/tech-industry/cyber-security/SPONSORED_LINK_URL
- https://www.tomshardware.com/tech-industry/cyber-security/hades-malware-campaign-now-tricks-ai-bots-by-injecting-text-about-biological-and-nuclear-weapons-failsafe-mechanisms-triggered-by-prompts-for-weapon-creation-stop-scans-before-payload-is-seen#main
- https://www.tomshardware.com/membership
- Intel's upcoming Z970 and Z990 flagship chipsets will reportedly consume up to 14W at peak load, courtesy of more PCIe 5.0 support — Nova Lake motherboards may
- Anthropic's warning over AI self-improvement has a hidden message — accelerating development requires more compute before companies ever risk losing control of
- Samsung Heavy Industries recruits Greek shipowner and Supermicro to bring 50MW floating AI data centers to market — can be powered by solid oxide fuel cells run
- Save a massive $751 on this RTX 5070 Ti gaming PC with a 9800X3D right now — liquid-cooled, 4K-ready Skytech rig with 32GB DDR5 and a 2TB SSD is now just $2,249
- We tested 20 wall chargers, from cheap to expensive, to find the best — from 15W to 140W, here are the chargers that perform the best without overheating and th
Informational only. No financial advice. Do your own research.