AI-generated Slopoly malware unearthed in Hive0163 financial attacks

https://www.escudodigital.com/en/cybersecurity/ai-generated-slopoly-malware-unearthed-in-hive0163-financial-attacks.html

Publish Date: 2026-03-17 02:20:00

Source Domain: www.escudodigital.com

Researchers specializing in cybercrime have recently identified a new malicious program called Slopoly, linked to a financially motivated threat actor known as Hive0163.

This finding confirms that digital criminals are beginning to use AI models to accelerate the creation of new pieces of malware and optimize their intrusion campaigns.

The discovery was detailed by security analysts who studied a series of recent incidents related to ransomware and massive data theft.

According to experts, Slopoly is primarily used in advanced stages of attacks, when attackers have already gained access to the victim’s infrastructure and seek to maintain control of the compromised system.

Golo Mühr, a researcher at IBM X-Force, explained the scope of this emerging phenomenon. “Although still relatively unspectacular, AI-generated malware like Slopoly demonstrates how easy it is for threat actors to weaponize AI to develop new malware frameworks in a fraction of the time it used to take,” the analyst stated in a technical report.

Hive0163 and its history in cyber extortion campaigns

The Hive0163 group has long been monitored by cybersecurity companies due to its involvement in attacks aimed at obtaining economic benefits. Its operations are based on digital extortion strategies that combine data theft, threats of data leakage, and ransomware deployment.

Among the tools previously linked to this actor are several families of malicious software used to compromise corporate networks. Researchers have connected Hive0163 with tools such as NodeSnake, Interlock RAT, the JunkFiction loader, and the Interlock ransomware, an arsenal that demonstrates a high degree of technical specialization.

In an attack detected at the beginning of 2026, analysts observed that the group deployed Slopoly after gaining initial access to the victim’s systems. For more than a week, the malware remained active on the compromised servers, allowing attackers to maintain a…
