AI platforms can be abused for stealthy malware communication
AI platforms can be abused for stealthy malware communication
Publish Date: 2026-02-18 15:18:00
Source Domain: www.bleepingcomputer.com
AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity.
Researchers at cybersecurity company Check Point discovered that threat actors can use AI services to relay communication between the C2 server and the target machine.
Attackers can exploit this mechanism to deliver commands and retrieve stolen data from victim systems.
The researchers created a proof-of-concept to show how it all works and disclosed their findings to Microsoft and xAI.
AI as a stealthy relay
Instead of malware connecting directly to a C2 server hosted on the attacker’s infrastructure, Check Point’s idea was to have it communicate with an AI web interface, instructing the agent to fetch an attacker-controlled URL and receive the response in the AI’s output.
In Check Point’s scenario, the malware interacts with the AI service using the WebView2 component in Windows 11. The researchers say that even if the component is missing on the target system, the threat actor can deliver it embedded in the malware.
WebView2 is used by developers to show web content in the interface of native desktop applications, thus eliminating the need of a full-featured browser.
The researchers created “a C++ program that opens a WebView pointing to either Grok or Copilot.” This way, the attacker can submit to the assistant instructions that can include commands to be executed or extract information from the compromised machine.
Malware to AI agent interaction flow
Source: Check Point
The webpage responds with embedded instructions that the attacker can change at will, which the AI extracts or summarizes in response to the malware’s query.
The malware parses the AI assistant’s response in the chat and extracts the instructions.
Grok and Copilot summarize the C2’s encrypted data response
Source: Check Point
This creates a bidirectional communication channel via the AI…
