Emergent AI-Enabled Supply Chain Exploitation in Open-Source Development Platforms

Morphisec Threat Labs has uncovered a sophisticated malware campaign that blends artificial intelligence, social engineering, and supply-chain compromise.

This new wave of attacks is exploiting the open-source ecosystem, specifically GitHub, to deliver a stealthy backdoor known as PyStoreRAT.

Unlike traditional loaders, PyStoreRAT demonstrates adaptive capabilities, modular payload execution, and advanced evasion patterns tuned against enterprise-grade defenses.

AI-Generated Repositories as Attack Vectors

The campaign began when threat actors reactivated dormant GitHub accounts with no prior activity. These accounts were used to publish repositories that appeared legitimate, allegedly created with AI-assisted tools.

The codebases appeared authentic and often included well-documented README files, dependency references, and contribution logs, which gave them high credibility within the developer community.

As these repositories gained traction through forks and stars, the attackers gradually introduced malicious updates that concealed the PyStoreRAT loader within dependency trees and update scripts.

The loader executed silently upon installation or during build processes, providing a persistent foothold in developer environments.

Morphisec’s analysis indicates that PyStoreRAT performs system profiling immediately after execution, collecting OS details, environment variables, and IDE configurations.

The malware can stage multiple payloads based on the target’s security posture, including command-and-control (C2) modules, credential harvesters, and file manipulation routines.

Falcon Evasion and Cluster Attribution

A notable feature of PyStoreRAT is its evasion logic, designed to evade endpoint detection and response (EDR) mechanisms.

When the malware detects CrowdStrike Falcon or similar EDR processes, it alters its execution flow by switching to fallback command handlers and delaying communication intervals.

This adaptive behavior reduces behavioral anomalies that might trigger detection engines. The command system relies on a rotating network of GitHub-hosted nodes and disposable domains, complicating takedown efforts.

Each C2 node functions as a temporary relay, storing encrypted task data within repository issues, commits, or Gist entries, a tactic aligning with past Russian-speaking actor TTPs (tactics, techniques, and procedures) observed in open-source infiltration incidents.

Linguistic indicators within code comments and build metadata further suggest a Russian linkage, though attribution remains under investigation.

Morphisec’s cluster mapping reveals more than a dozen interlinked repositories associated with the same activity set, many of which have since been removed or privatized.

The company’s report provides a complete list of indicators of compromise (IOCs), YARA rules, and GitHub account identifiers to aid defenders in detection and mitigation.

Security teams are urged to verify third-party code dependencies, review account provenance before integration, and monitor for anomalous repository updates.

PyStoreRAT exemplifies how the intersection of AI-driven development and threat automation can accelerate the next phase of software supply-chain exploitation, turning trust itself into the attack surface.

Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates

The post Emergent AI-Enabled Supply Chain Exploitation in Open-Source Development Platforms appeared first on Cyber Security News.