{"id":215464,"date":"2026-02-18T15:18:00","date_gmt":"2026-02-18T20:18:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/18\/ai-platforms-can-be-abused-for-stealthy-malware-communication\/"},"modified":"2026-02-19T19:00:16","modified_gmt":"2026-02-20T00:00:16","slug":"ai-platforms-can-be-abused-for-stealthy-malware-communication","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/18\/ai-platforms-can-be-abused-for-stealthy-malware-communication\/","title":{"rendered":"AI platforms can be abused for stealthy malware communication"},"content":{"rendered":"

AI platforms can be abused for stealthy malware communication<\/a><\/p>\n

https:\/\/www.bleepingcomputer.com\/news\/security\/ai-platforms-can-be-abused-for-stealthy-malware-communication\/<\/a><\/p>\n

Publish Date: 2026-02-18 15:18:00<\/a><\/p>\n

Source Domain: www.bleepingcomputer.com<\/a><\/p>\n

\n

AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity.<\/p>\n

Researchers at cybersecurity company Check Point discovered that threat actors can use AI services\u00a0to relay communication between the C2 server and the target machine.<\/p>\n

Attackers can exploit this mechanism to deliver commands and retrieve stolen data from victim systems.<\/p>\n

\"Wiz\"<\/p>\n

The researchers created a proof-of-concept to show how it all works and\u00a0disclosed their findings to Microsoft and xAI.<\/p>\n

AI as a stealthy relay<\/h3>\n

Instead of malware connecting directly to a C2 server hosted on the attacker’s infrastructure, Check Point\u2019s idea was to have it communicate with an AI web interface, instructing the agent to fetch an attacker-controlled URL and receive the response in the AI\u2019s output.<\/p>\n

In Check Point’s scenario, the malware interacts with the AI service using the WebView2 component in Windows 11. The researchers say that even if the component is missing on the target system, the threat actor can deliver it embedded in the malware.<\/p>\n

WebView2 is used by developers to show web content in the interface of\u00a0native desktop applications, thus eliminating the need of a\u00a0full-featured browser.<\/p>\n

The researchers created “a C++ program that opens a WebView pointing to either Grok or Copilot.” This way, the attacker can submit to the assistant instructions that can include commands to be executed or extract information from the compromised machine.<\/p>\n

\"InteractionMalware to AI agent interaction flow<\/strong>
Source: Check Point<\/p>\n

The webpage responds with embedded instructions that the attacker can change at will, which the AI extracts or summarizes in response to the malware\u2019s query.<\/p>\n

The malware parses the AI assistant’s response in the chat and extracts the instructions.<\/p>\n

\"GrokGrok and Copilot summarize the C2’s encrypted data response<\/strong>
Source: Check Point<\/p>\n

This creates a bidirectional communication channel via the AI…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

AI platforms can be abused for stealthy malware communication https:\/\/www.bleepingcomputer.com\/news\/security\/ai-platforms-can-be-abused-for-stealthy-malware-communication\/ Publish Date: 2026-02-18 15:18:00 Source…<\/p>\n","protected":false},"author":1,"featured_media":215465,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2024\/03\/05\/hand.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,32,34],"class_list":["post-215464","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-malware","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215464"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215464"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215464\/revisions"}],"predecessor-version":[{"id":215466,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215464\/revisions\/215466"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/215465"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215464"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}