Beware! New AI malware “LameHug” can steal your data by hiding in ZIP files

New malware called LameHug is spreading worldwide. The LameHug malware is written in Python, a widely used programming language.


A dangerous new AI malware called LameHug (written in Python, a programming language) is spreading worldwide and poses a threat to Internet users. It uses the same technology that powers AI chatbots like ChatGPT, Gemini, Perplexity and Claude. Discovered by Ukraine’s cyber security team (CERT-UA), LameHug uses AI to create and run harmful commands that break into Windows computers and steal sensitive data.

According to CERT, this malware was created by a Russian hacker group known as APT028. It uses tools (APIs) from Hugging Face and is powered by Qwen-2.5-coder-32B-Instruct, an open source large language model created by Alibaba Cloud. The model helps the malware generate harmful commands and send them to the affected systems.

Just like AI chatbots such as Gemini, ChatGPT, and Perplexity, the large language model used in LameHug can turn everyday language into working code or computer commands. The hackers tricked the Ukrainian government official by sending fake emails that looked like they came from real ministries. Inside the email was a ZIP file carrying the LameHug malware. This file included two programs named “AI_generator_uncensored_Canvas_PRO_0.9.exe” and “image.py” that helped run the malware.
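For defenders, the delivery method described above (a ZIP attachment carrying an .exe and a .py file) can be triaged before a user ever opens it. The script below is an added example, not code from this article or from CERT-UA; the extension list, the size limit and the function names are assumptions, and the sample archive is constructed in memory with placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed, non-exhaustive list of extensions that run code when opened on Windows.
RISKY_EXTENSIONS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd",
                    ".js", ".vbs", ".ps1", ".py", ".lnk"}
MAX_NESTED_SIZE = 20 * 1024 * 1024  # assumed cap so a nested zip bomb is never unpacked

def risky_members(zip_bytes, depth=0, max_depth=2):
    """Return names of members that could execute code, looking inside nested ZIPs."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Only the last extension counts, so "report.pdf.exe" is still an .exe.
            suffix = PurePosixPath(info.filename.replace("\\", "/")).suffix.lower()
            if suffix in RISKY_EXTENSIONS:
                findings.append(info.filename)
            elif suffix == ".zip" and depth < max_depth:
                if info.flag_bits & 0x1 or info.file_size > MAX_NESTED_SIZE:
                    # Cannot be inspected safely: report it rather than skip it.
                    findings.append(f"{info.filename} (encrypted or oversized)")
                else:
                    nested = risky_members(archive.read(info), depth + 1, max_depth)
                    findings += [f"{info.filename}!{name}" for name in nested]
    return findings

def build_sample():
    """Constructed sample: file names from the article, contents are placeholders."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("report.pdf.exe", b"placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("AI_generator_uncensored_Canvas_PRO_0.9.exe", b"placeholder")
        z.writestr("image.py", b"placeholder")
        z.writestr("readme.txt", b"placeholder")
        z.writestr("docs.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for name in risky_members(build_sample()):
        print("quarantine candidate:", name)
```

A mail gateway or help desk could run this kind of check on attachments and hold any message whose archive returns a non-empty list.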


The malware used special commands that let the hacker group APT028 collect information from the affected Windows computer. It searched for text and PDF files in common folders like Documents, Downloads and Desktop. After finding the files, the malware sent them to a server controlled by the hackers. However, it’s still not clear exactly how the AI-powered attack was done.

According to sources, IBM X-Force Exchange has reported on another AI language model (LLM) that creates executable commands. This lets hackers change tactics without new files, making the malware harder to detect. Around the same time, security analysis also revealed a new malware called Skynet that can easily elude AI-based security tools.

Thus, LameHug proves that hackers are now using AI to make their attacks smarter and harder to stop. This shows the need for better security to deal with these new kinds of threats.
