{"id":223107,"date":"2026-03-12T13:02:00","date_gmt":"2026-03-12T17:02:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/12\/hive0163-uses-ai-assisted-slopoly-malware-for-persistent-access-in-ransomware-attacks\/"},"modified":"2026-03-13T06:30:11","modified_gmt":"2026-03-13T10:30:11","slug":"hive0163-uses-ai-assisted-slopoly-malware-for-persistent-access-in-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/12\/hive0163-uses-ai-assisted-slopoly-malware-for-persistent-access-in-ransomware-attacks\/","title":{"rendered":"Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/hive0163-uses-ai-assisted-slopoly.html\">Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/hive0163-uses-ai-assisted-slopoly.html\">https:\/\/thehackernews.com\/2026\/03\/hive0163-uses-ai-assisted-slopoly.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-12 13:02:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Mar 12, 2026<\/span><\/span><span class=\"p-tags\">Artificial Intelligence \/ Malware<\/span><\/p>\n<p>Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed <strong>Slopoly<\/strong> put to use by a financially motivated threat actor named <strong>Hive0163<\/strong>.<\/p>\n<p>&#8220;Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to take,&#8221; IBM X-Force researcher Golo M\u00fchr said in a report shared with The Hacker 
News.<\/p>\n<p>Hive0163&#8217;s operations are driven by extortion through large-scale data exfiltration and ransomware. The e-crime group is primarily associated with a wide range of malicious tools, including NodeSnake, Interlock RAT, JunkFiction loader, and Interlock ransomware.<\/p>\n<p>In one ransomware attack observed by the company in early 2026, the threat actor deployed Slopoly during the post-exploitation phase to maintain persistent access to the compromised server for more than a week.<\/p>\n<p>Slopoly&#8217;s discovery can be traced back to a PowerShell script that&#8217;s likely deployed into the &#8220;C:\\ProgramData\\Microsoft\\Windows\\Runtime&#8221; folder by means of a builder. Persistence is achieved by setting up a scheduled task called &#8220;Runtime Broker.&#8221;<\/p>\n<p>There are signs that the malware was developed with the help of an as-yet-undetermined large language model (LLM). These include the presence of extensive comments, logging, error handling, and accurately named variables. The comments also describe the script as a &#8220;Polymorphic C2 Persistence Client,&#8221; indicating that it&#8217;s part of a command-and-control (C2) framework.<\/p>\n<p>&#8220;However, the script does not possess any advanced techniques and can hardly be considered polymorphic, since it&#8217;s unable to modify its own code during execution,&#8221; M\u00fchr noted. 
&#8220;The builder may, however, generate new clients with different randomized configuration values and function names, which is standard practice among malware&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/hive0163-uses-ai-assisted-slopoly.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks https:\/\/thehackernews.com\/2026\/03\/hive0163-uses-ai-assisted-slopoly.html Publish Date: 2026-03-12&#8230;<\/p>\n","protected":false},"author":1,"featured_media":223108,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhAvQYbgT2Bzyhv6lldqV781Ec5C2EKl2Y-ezdEDwakAZnizcub5ZIyJxZKg-fouq4L04gr_sNDHb5JPVhoOYYRKLnzo_TQqAiOFCPycF2EfjVA2wpA3ak9ZgfUFXCi_O9Pwx2GdtCDo3u6PFlheeR9IC2OMfGF5XZ8Cr-53uP01xsQxEGDQ8AO3rbvka8e\/s16000\/ransomware-ai.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,35,18,17,32,34],"class_list":["post-223107","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-hacker","tag-large-language-model","tag-llm","tag-malware","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/223107"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=223107"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/223107\/revisions"}],"predecessor
-version":[{"id":223109,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/223107\/revisions\/223109"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/223108"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=223107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=223107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=223107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}