AI Can Generate Malware That Evades Detection 88% of the Time

Experts from Palo Alto Networks have conducted an experiment and reported that large language models (LLMs) can be used to mass-generate new variants of malicious JavaScript code, ultimately allowing malware to better evade detection. “While it’s difficult to create malware from scratch using LLMs, criminals can easily use them to rewrite or obfuscate existing malicious code, making it harder to detect,” the researchers wrote.

According to them, hackers can instruct LLMs to perform transformations, and with enough iterations, the effectiveness of malware classification systems can decrease, as these systems may start to believe that malicious code is actually harmless.

The specialists demonstrated that LLMs can be used for iterative rewriting of existing malware samples to evade detection by machine learning models such as Innocent Until Proven Guilty and PhishingJS. According to the experts, this essentially opens the door to creating tens of thousands of new JavaScript variants without changing their functionality.

Retraining Models on LLM-Rewritten Samples Improves Detection

The researchers’ technology is designed to transform malicious code using various methods: renaming variables, splitting strings, inserting junk code, removing unnecessary whitespace, and so on. “The result is a new variant of malicious JavaScript that retains the same behavior as the original script but almost always receives a much lower maliciousness score,” the company says.

In 88% of cases, this approach changed the verdict of Palo Alto Networks’ malware classifier, making the malicious script appear harmless. Even worse, the rewritten JavaScript successfully fooled other malware analyzers, as the experts confirmed by uploading the generated malware to VirusTotal.

Another important advantage of LLM-based obfuscation, according to the researchers, is that many rewritten fragments look much more natural than those produced by libraries like obfuscator.io. The latter are easier to detect and track because they make irreversible structural changes to the original code.

Code Fragments Rewritten by obfuscator.io (Left) and LLM (Right)

The specialists conclude that generative AI can be used to increase the number of new malware variants. However, this code-rewriting tactic can also be used to generate training data, which can ultimately improve the reliability of machine learning models.