{"id":229381,"date":"2026-03-30T14:30:00","date_gmt":"2026-03-30T18:30:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/30\/researchers-say-credential-stealing-campaign-used-ai-to-build-evasion-at-every-stage\/"},"modified":"2026-03-30T18:45:22","modified_gmt":"2026-03-30T22:45:22","slug":"researchers-say-credential-stealing-campaign-used-ai-to-build-evasion-at-every-stage","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/30\/researchers-say-credential-stealing-campaign-used-ai-to-build-evasion-at-every-stage\/","title":{"rendered":"Researchers say credential-stealing campaign used AI to build evasion \u2018at every stage\u2019"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/deepload-ai-malware-obfuscation-at-every-stage-reliaquest\/\">Researchers say credential-stealing campaign used AI to build evasion \u2018at every stage\u2019<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/deepload-ai-malware-obfuscation-at-every-stage-reliaquest\/\">https:\/\/cyberscoop.com\/deepload-ai-malware-obfuscation-at-every-stage-reliaquest\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-30 14:30:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>A new malware-based credential-stealing campaign, which researchers are calling \u201cDeepLoad,\u201d has been infecting enterprise business IT environments over the past<\/p>\n<p>In a report released Monday, ReliaQuest AI researchers Thassanai McCabe and Andrew Currie say the most relevant feature of this attack is the way it uses artificial intelligence and other engineering \u201cto defeat the controls most organizations rely on, turning one user action into persistent, credential-stealing access.\u201d<\/p>\n<p>DeepLoad is delivered to victims via \u201cQuickFix\u201d social-engineering techniques, such as fake browser prompts or error pages. If the user falls for the scheme, the malware developers \u2014 or more likely their AI tools \u2014 put a lot of work into building evasion of security technology \u201cat every stage\u201d of the attack chain.<\/p>\n<p>The loader \u201cburies functional code under thousands of meaningless variable assignments,\u201d and the payload runs behind a Windows lock screen process that is \u201coverlooked by security tools\u201d monitoring for threats. ReliaQuest said \u201cthe sheer volume\u201d of code padding likely rules out human-only involvement.<\/p>\n<p>\u201cWe assess with high confidence that AI was used to build this obfuscation layer,\u201d McCabe and Currie write. \u201cIf so, organizations should expect frequent updates to the malware and less time to adapt detection coverage between waves.\u201d<\/p>\n<p>DeepLoad can steal credentials through real-time keylogging, and even if security teams block the initial loader, it was able to persist through backup contingencies.<\/p>\n<p>\u201cIn the incidents we investigated, the loader spread to connected USB drives, which means the initial host is unlikely to be the only impacted system,\u201d McCabe and Currie wrote. \u201cEven after cleanup, a hidden persistence mechanism not addressed by standard remediation workflows re-executed the attack three days later.\u201d<\/p>\n<p>ReliaQuest\u2019s research offers more evidence that over the past year, some traditional static&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/deepload-ai-malware-obfuscation-at-every-stage-reliaquest\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers say credential-stealing campaign used AI to build evasion \u2018at every stage\u2019 https:\/\/cyberscoop.com\/deepload-ai-malware-obfuscation-at-every-stage-reliaquest\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":229382,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2026\/03\/GettyImages-2219277453.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,32],"class_list":["post-229381","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229381"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=229381"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229381\/revisions"}],"predecessor-version":[{"id":229383,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229381\/revisions\/229383"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/229382"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=229381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=229381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=229381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}