Unlike the bundled malware commonly seen in recent years, these new threats implement genuine functionality as core components of the malicious software.
Security analysts have identified several examples, including JustAskJacky, a desktop assistant that provides helpful answers while secretly executing commands from command-and-control servers, and TamperedChef, a recipe application that interprets whitespace characters in downloaded recipes as executable commands.
The proliferation of AI-powered development tools has fundamentally altered the malware landscape. Previously, threat actors relied heavily on packing techniques to evade static scanners on platforms like VirusTotal.
Creating new, undetectable malware code required significant effort and expertise. LLMs have lowered that bar: they can generate fresh, well-structured code on demand, and because that code has never been seen before, no existing signature matches it.
TamperedChef exemplifies this evolution, remaining undetected on VirusTotal for six weeks despite being unpacked.
The malware's code structure reveals telltale signs of LLM generation, including extensive comments that openly describe the steganographic technique in use, the kind of documentation a human malware author would typically omit so as to hinder reverse engineering.
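The article says TamperedChef treats whitespace in downloaded recipes as commands but does not describe the encoding, so the following added example (not code from the article or from any of the software it names) deliberately decodes nothing. It measures how much invisible trailing whitespace a text file carries and flags files whose pattern is implausible for hand-written text: an editor leaves a stray space now and then, whereas a carrier file tends to have long, tab/space-mixed runs on most lines. The recipe texts and the thresholds are constructed assumptions for this example.

```python
"""Heuristic check for whitespace-carried payloads in downloaded text files.

Added example, not the article's or any named project's code. Thresholds
in WhitespaceReport.suspicious are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass

# A run of spaces/tabs at the very end of a line (invisible to a reader).
TRAILING_WS = re.compile(r"[ \t]+$")


@dataclass
class WhitespaceReport:
    total_lines: int        # non-empty lines examined
    trailing_ws_lines: int  # lines that end in spaces or tabs
    mixed_lines: int        # trailing runs that mix tabs and spaces
    longest_run: int        # longest trailing run seen, in characters

    @property
    def suspicious(self) -> bool:
        """Assumed rule: at least half the lines carry trailing whitespace AND
        the runs look encoded (several tab/space-mixed runs, or a long one)."""
        if self.total_lines == 0 or self.trailing_ws_lines == 0:
            return False
        share = self.trailing_ws_lines / self.total_lines
        return share >= 0.5 and (self.mixed_lines >= 3 or self.longest_run >= 8)


def analyze_text(text: str) -> WhitespaceReport:
    """Tally trailing-whitespace statistics for one text file."""
    total = trailing = mixed = longest = 0
    for line in text.splitlines():
        if line == "":
            continue  # truly empty lines carry nothing either way
        total += 1
        match = TRAILING_WS.search(line)
        if not match:
            continue
        run = match.group(0)
        trailing += 1
        longest = max(longest, len(run))
        if " " in run and "\t" in run:
            mixed += 1
    return WhitespaceReport(total, trailing, mixed, longest)


# Constructed samples: a normally typed recipe with one stray space, and a
# recipe whose every line ends in a mixed tab/space run.
CLEAN_RECIPE = (
    "Tomato soup\n"
    "Ingredients: 4 tomatoes, 1 onion, stock \n"
    "\n"
    "Simmer for 20 minutes.\n"
)

SUSPECT_RECIPE = (
    "Tomato soup \t\t \t\n"
    "Ingredients: 4 tomatoes, 1 onion, stock\t \t\t  \t \n"
    "\n"
    "Simmer for 20 minutes. \t \t \t\t \t\n"
    "Season to taste\t\t \t  \t\n"
)

if __name__ == "__main__":
    for label, text in (("clean", CLEAN_RECIPE), ("suspect", SUSPECT_RECIPE)):
        report = analyze_text(text)
        print(label, report, "suspicious" if report.suspicious else "ok")
```

The check is cheap enough to run on every file an application downloads, and a hit is a reason to treat the downloading application itself as the object of investigation rather than just the file.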
The applications promoting these trojans appear remarkably legitimate, featuring professional websites with proper grammar, comprehensive content, and standard pages like privacy policies and terms of service.
LLMs enable threat actors to populate these sites with convincing databases of recipes, images, and instructional content that would have been prohibitively expensive to create manually.
Traditional user intuition about suspicious websites based on poor grammar, spelling errors, or minimal content no longer provides adequate protection.
The perceived effort required to create these sites now matches that of legitimate applications, rendering gut-feeling assessments ineffective.
Security experts emphasize that static, signature-based detection is insufficient against these threats; behavioral and dynamic analysis techniques become essential instead.
For instance, JustAskJacky’s suspicious behavior patterns, which involve executing scheduled tasks at random intervals, trigger alerts in modern antivirus systems that monitor runtime behavior rather than relying solely on code signatures.
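The behavioral signal above, a scheduled task that fires at random rather than fixed intervals, is simple to express as detection logic. The following added example (not the article's code, nor any vendor's) parses constructed task-execution log lines, groups runs by task name, and flags tasks whose inter-run intervals vary too much to be a normal periodic trigger, using the coefficient of variation (standard deviation divided by mean). The log format, task names, image paths and the 0.3 threshold are all assumptions for this example.

```python
"""Flag scheduled tasks that run at irregular (jittered) intervals.

Added example, not code from the article. The log format below is
constructed; a real deployment would read task-run events from the
endpoint's task scheduler or EDR telemetry instead.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from statistics import mean, pstdev

# Constructed line format: "<ISO timestamp> TASK_RUN name=<task> image=<path>"
LOG_RE = re.compile(r"^(?P<ts>\S+) TASK_RUN name=(?P<name>\S+) image=(?P<image>.+)$")


@dataclass
class TaskProfile:
    name: str
    image: str
    runs: list = field(default_factory=list)  # datetime of each run

    def intervals(self) -> list:
        """Seconds between consecutive runs, in chronological order."""
        ts = sorted(self.runs)
        return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]

    def interval_cv(self) -> float:
        """Coefficient of variation of the intervals; 0.0 means perfectly periodic."""
        iv = self.intervals()
        if len(iv) < 2:
            return 0.0
        m = mean(iv)
        return pstdev(iv) / m if m > 0 else 0.0


def parse_events(lines) -> dict:
    """Build one TaskProfile per task name from raw log lines (bad lines skipped)."""
    profiles = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        prof = profiles.setdefault(m["name"], TaskProfile(m["name"], m["image"]))
        prof.runs.append(datetime.fromisoformat(m["ts"]))
    return profiles


def flag_irregular_tasks(lines, cv_threshold: float = 0.3, min_runs: int = 4) -> list:
    """Names of tasks with enough runs whose timing jitter exceeds the threshold.

    Assumed thresholds: a genuine periodic task has CV near 0; 0.3 leaves room
    for a few seconds of scheduler drift while catching randomised triggers.
    """
    profiles = parse_events(lines)
    return sorted(
        name for name, p in profiles.items()
        if len(p.runs) >= min_runs and p.interval_cv() > cv_threshold
    )


# Constructed telemetry: an hourly updater and a task that fires at random.
SAMPLE_LOG = """\
2026-02-10T08:00:00 TASK_RUN name=UpdaterCheck image=C:\\Program Files\\Vendor\\updater.exe
2026-02-10T08:02:10 TASK_RUN name=HelperSync image=C:\\Users\\user\\AppData\\Local\\Helper\\helper.exe
2026-02-10T08:41:55 TASK_RUN name=HelperSync image=C:\\Users\\user\\AppData\\Local\\Helper\\helper.exe
2026-02-10T09:00:00 TASK_RUN name=UpdaterCheck image=C:\\Program Files\\Vendor\\updater.exe
2026-02-10T09:03:08 TASK_RUN name=HelperSync image=C:\\Users\\user\\AppData\\Local\\Helper\\helper.exe
2026-02-10T10:00:00 TASK_RUN name=UpdaterCheck image=C:\\Program Files\\Vendor\\updater.exe
2026-02-10T10:27:30 TASK_RUN name=HelperSync image=C:\\Users\\user\\AppData\\Local\\Helper\\helper.exe
2026-02-10T10:39:12 TASK_RUN name=HelperSync image=C:\\Users\\user\\AppData\\Local\\Helper\\helper.exe
2026-02-10T11:00:00 TASK_RUN name=UpdaterCheck image=C:\\Program Files\\Vendor\\updater.exe
2026-02-10T12:00:00 TASK_RUN name=UpdaterCheck image=C:\\Program Files\\Vendor\\updater.exe
this line is not an event and is ignored
""".splitlines()

if __name__ == "__main__":
    for name, prof in parse_events(SAMPLE_LOG).items():
        print(f"{name}: runs={len(prof.runs)} cv={prof.interval_cv():.2f}")
    print("flagged:", flag_irregular_tasks(SAMPLE_LOG))
```

Timing jitter alone is a weak signal, so in practice it is combined with where the task's image lives (a user-writable directory rather than Program Files) and what the process does after it starts; the profile object keeps the image path so that enrichment is straightforward.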
This trend represents a significant shift in the threat landscape, as LLM-generated malware combines the deceptive packaging of classical Trojan horses with the sophistication needed to evade contemporary security measures.
Organizations and individual users must adapt their security strategies to address these AI-enabled threats through advanced behavioral monitoring and dynamic analysis capabilities.
The post Reawakening Ancient Cyber Dangers – How AI and LLMs are Reviving Trojan Horse Tactics appeared first on Cyber Security News.