
SesameOp Malware Abuses OpenAI API


A threat actor has abused the OpenAI Assistants API as a communication mechanism between its command-and-control (C&C) server and a stealthy backdoor, Microsoft reports.

Dubbed SesameOp, the backdoor was deployed as part of a sophisticated attack in which the threat actor maintained access to the compromised environment for months, relying on a complex network of web shells for command execution.

The commands, Microsoft says, were relayed through malicious processes that abused compromised Visual Studio utilities to load malicious libraries, a technique referred to as .NET AppDomainManager injection.

SesameOp lets the attackers manage infected devices remotely and was designed for long-term persistence, which suggests the attack was aimed at espionage.

The attackers, Microsoft explains, modified the configuration file of a host executable so that, through .NET AppDomainManager injection, it would load a DLL named Netapi64.dll at runtime.

The DLL acts as a loader for the backdoor, which is saved in the Temp ...
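The configuration tampering described above leaves a checkable artefact: the `appDomainManagerAssembly` / `appDomainManagerType` runtime directives in the host's `*.exe.config`. The following scanner is an added defender-side example, not code from Microsoft's report or from SecurityWeek; it also covers the documented environment-variable form of the same override, and both sample configs (including the `Netapi64.Loader` type name) are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# Real .NET runtime directives that make the CLR load an AppDomainManager from
# another assembly before the host executable's own Main() runs; a tampered
# *.exe.config carrying them is the artefact described above.
SUSPICIOUS_ELEMENTS = ("appDomainManagerAssembly", "appDomainManagerType")
# The same override can be set through these documented environment variables.
SUSPICIOUS_ENV_VARS = ("APPDOMAIN_MANAGER_ASM", "APPDOMAIN_MANAGER_TYPE")
# Loader DLL name reported for SesameOp on this page (matched case-insensitively).
KNOWN_BAD_NAMES = ("netapi64",)

def _severity(value: str) -> str:
    return "high" if any(n in value.lower() for n in KNOWN_BAD_NAMES) else "medium"

def scan_exe_config(config_text: str) -> List[Dict[str, str]]:
    """Return one finding per AppDomainManager directive in an app.config /
    *.exe.config document; an empty list means nothing was flagged."""
    try:
        root = ET.fromstring(config_text)
    except ET.ParseError as exc:
        return [{"element": "parse-error", "value": str(exc), "severity": "info"}]
    findings = []
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if tag in SUSPICIOUS_ELEMENTS:
            value = elem.get("value", "")
            findings.append({"element": tag, "value": value, "severity": _severity(value)})
    return findings

def scan_environment(env: Dict[str, str]) -> List[Dict[str, str]]:
    """Flag the environment-variable form of the same override."""
    return [{"element": name, "value": env[name], "severity": _severity(env[name])}
            for name in SUSPICIOUS_ENV_VARS if name in env]

# Constructed samples for a stand-alone run: a clean config and a tampered one
# (the assembly/type names below are illustrative, not real SesameOp values).
BENIGN_CONFIG = """<configuration>
  <startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/></startup>
</configuration>"""
TAMPERED_CONFIG = """<configuration>
  <runtime>
    <appDomainManagerAssembly value="Netapi64"/>
    <appDomainManagerType value="Netapi64.Loader"/>
  </runtime>
</configuration>"""

if __name__ == "__main__":
    for label, cfg in (("benign", BENIGN_CONFIG), ("tampered", TAMPERED_CONFIG)):
        print(label, scan_exe_config(cfg))
```

In practice, run `scan_exe_config` over every `*.exe.config` beside executables that process telemetry shows spawning unexpected network activity, and treat any hit as a trigger to inspect the referenced assembly.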


Copyright of this story solely belongs to securityweek. To see the full text, click HERE.