Researchers Expose Vulnerability: Copilot and Grok as Malware C2 Proxies
Cybersecurity Researchers Demonstrate Novel AI-Powered Attack Technique
Cybersecurity researchers have demonstrated a novel technique that enables threat actors to abuse artificial intelligence (AI) assistants as stealthy command-and-control (C2) relays.
AI as a C2 Proxy
This approach, dubbed “AI as a C2 proxy,” leverages the web-browsing and URL-fetching capabilities of AI tools like Microsoft Copilot and xAI Grok to establish a bidirectional communication channel between the attacker and the compromised host.
The technique allows attackers to blend in with legitimate enterprise communications, evading detection by security controls. By using specially crafted prompts, the AI agent can be tricked into contacting attacker-controlled infrastructure and passing responses containing commands to be executed on the host back to the malware.
Similarities to LOTS Tactics
The researchers noted that this approach is similar to “living-off-trusted-sites” (LOTS) tactics, where attackers weaponize trusted services for malware distribution and C2. However, in this case, the AI agent acts as a transport layer, carrying prompts and model outputs that can be used to devise an evasion strategy and determine the next course of action.
Implications and Concerns
Check Point, the cybersecurity company that disclosed the technique, warned that this approach could enable AI-driven implants and AIOps-style C2, automating triage, targeting, and operational choices in real time.
The company also noted that attackers could use the AI agent to generate reconnaissance workflows, script attacker actions, and dynamically decide “what to do next” during an intrusion.
Evolving Threat Landscape
This development highlights the evolving threat landscape, where AI systems are being abused by threat actors to scale and accelerate different phases of the cyber attack cycle.
The use of AI as a C2 proxy is a significant concern, as it allows attackers to blend in with legitimate communications and evade detection.
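Because the traffic goes to a trusted AI service, destination reputation alone will not separate it from normal use; what can differ is which process is talking and how regularly. The following is an added detection sketch, not code from Check Point or from the original article. The hostnames, browser allowlist, log format, thresholds and sample records are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from statistics import mean, pstdev

# Assumptions for illustration: adjust both sets to your environment.
AI_HOSTS = {"copilot.microsoft.com", "grok.com"}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample proxy/EDR records: epoch_seconds,endpoint,process,dest_host
SAMPLE_LOG = """\
1700000000,WS-014,msedge.exe,copilot.microsoft.com
1700000047,WS-014,msedge.exe,copilot.microsoft.com
1700000900,WS-014,msedge.exe,copilot.microsoft.com
1700004000,WS-014,msedge.exe,copilot.microsoft.com
1700000050,WS-014,chrome.exe,example.com
1700000100,WS-022,updater_svc.exe,grok.com
1700000160,WS-022,updater_svc.exe,grok.com
1700000221,WS-022,updater_svc.exe,grok.com
1700000280,WS-022,updater_svc.exe,grok.com
1700000200,WS-031,msedge.exe,copilot.microsoft.com
1700000500,WS-031,msedge.exe,copilot.microsoft.com
1700000800,WS-031,msedge.exe,copilot.microsoft.com
1700001100,WS-031,msedge.exe,copilot.microsoft.com
1700000300,WS-040,python.exe,grok.com
"""

def find_suspects(log_text, min_events=4, max_cv=0.2):
    """Flag (endpoint, process) pairs whose AI-assistant traffic looks automated."""
    seen = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        ts, endpoint, proc, dest = row
        if dest.lower() in AI_HOSTS:
            seen[(endpoint, proc.lower())].append(int(ts))
    findings = {}
    for (endpoint, proc), stamps in seen.items():
        reasons = []
        if proc not in BROWSERS:
            reasons.append("non-browser process")
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Low coefficient of variation in the gaps suggests a timer, not a person.
        if len(stamps) >= min_events and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            reasons.append("regular interval")
        if reasons:
            findings[(endpoint, proc)] = reasons
    return findings
```

Neither signal is conclusive on its own: legitimate desktop integrations also reach these services from non-browser processes, so findings are leads for triage rather than verdicts.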
Related Development
In a related development, Palo Alto Networks Unit 42 recently demonstrated a novel attack technique where a seemingly innocuous web page can be turned into a phishing site by using client-side API calls to trusted large language model (LLM) services for generating malicious JavaScript dynamically in real time.
This method is similar to Last Mile Reassembly (LMR) attacks, which involve smuggling malware through unmonitored channels like WebRTC and WebSocket and piecing it together directly in the victim’s browser.
