Bitdefender identifies new malware attack model

By Dylan Bushell-Embling
Tuesday, 10 March, 2026

Bitdefender has identified a new AI-driven advanced persistent threat attack strategy targeting organisations in Asia–Pacific.

The attack model, dubbed ‘vibeware’, is likely being used by notorious Pakistan-based threat actor APT36. It involves mass-producing a high volume of implants written in niche programming languages such as Nim, Zig and Crystal.

By using malicious tools written in obscure languages by large language models and AI-integrated development tools, the group aims to evade detection and disruption by conventional security tools.

APT36 has historically been associated with attacks targeting the Indian Government, diplomatic missions and defence-related entities. Bitdefender’s research suggests that the vibeware attack method is capable of releasing new malware variants at a nearly daily cadence, using an approach the researchers describe as a form of ‘distributed denial of detection’.

The company said the sheer scale and volume of variants being produced using this method increases the likelihood that at least one piece of malware will evade traditional signature-based or behaviourally tuned detection engines.

Bitdefender said targeting using the method remains highly focused on South Asian regional politics and national security, but the implications extend beyond one geography, because the attack campaign demonstrates that AI is lowering the barrier to entry for experimenting with new languages and delivery mechanisms.

To mitigate the threat, Bitdefender is recommending that organisations prioritise behavioural detections rather than signature-based detections, audit and control trusted cloud services, and implement dynamic attack surface reduction alongside endpoint detection and response capabilities.
