Hackers use malware to steal data and take screenshots to sell it. At Black Hat, experts showed how AI can study those screenshots to spot and stop new malware early.
People do strange things in the middle of a house robbery, like make a sandwich or take selfies. Is it all that odd, then, that an infostealer malware cyberattack might leave some selfies behind? It’s true: Many malware campaigns leave screenshots behind that the attackers use to sell the data they’ve stolen. But a presentation at the Black Hat cybersecurity conference in Las Vegas explored how LLMs (large language models) can process these images and other traces to understand infostealer attacks and ultimately prevent them.
Estelle Ruellan, threat intelligence researcher at cybersecurity company Flare, came up with the idea and built the LLMs to implement the analysis. She presented her research, backed by Olivier Bilodeau, Flare’s principal security researcher.What Is Infostealer Malware?
Bilodeau first explained how infostealer malware works. “The user downloads malware, usually cracked software. That malware steals everything it can access. It doesn’t require admin rights, though if it gets that access, it can steal more. It grabs crypto wallets, password manager data, even the clipboard contents.” Sound familiar? It may be a new term, but you’re probably familiar with the type of attack.
“The malware packages up this data and uploads it to its command and control server,” he continued. “It often uses Telegram. Then the logs are resold to cyber criminals, again on Telegram.
