Warning: AI-Powered Malware ‘LameHug’ Found Targeting Windows via ZIP Files

A newly discovered malware, called LameHug, is utilizing artificial intelligence to target Windows computers worldwide. What’s alarming is that it uses the same type of technology behind popular AI chatbots like ChatGPT, Gemini, and Claude.

Discovered by Ukraine’s national cybersecurity team (CERT-UA), the malware appears to be linked to a Russian hacker group known as APT-28. It is written in Python and calls Hugging Face APIs to query Qwen-2.5-Coder-32B-Instruct, a powerful AI model created by Alibaba Cloud.

Just like chatbots can turn plain language into computer code, LameHug uses AI to generate commands that can control infected systems. It steals data by scanning through folders like Desktop, Downloads, and Documents, and then sends the information to a remote server controlled by the attackers.

The malware was spread through phishing emails sent to Ukrainian government agencies. These emails pretended to be official communications and included a ZIP file containing dangerous files, such as AI_generator_uncensored_Canvas_PRO_0.9.exe and image.py.

What makes LameHug especially dangerous is its flexibility. Because it uses AI to write new commands on the fly, hackers don’t need to send new malware files every time they want different behavior. This makes it harder for traditional antivirus programs to detect or block it.
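Because the commands are generated at run time, the network call to the hosted model is a steadier signal than file contents. The following is an added example, not CERT-UA's or the article's code: a small hunt over endpoint network events that flags any program outside an approved list contacting a hosted-LLM API. The event format, host names, domain list and allowlist are assumptions, and the log lines are constructed.

```python
import json

# Assumption: hosted-LLM API domains to watch; extend for the providers you care about.
LLM_API_DOMAINS = ("huggingface.co",)
# Assumption: programs this hypothetical environment approves for LLM API access.
APPROVED_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Directories a normal user can write to; an approved name there is not trusted.
USER_WRITABLE = ("\\users\\", "\\windows\\temp\\", "\\programdata\\")

# Constructed sample: hypothetical EDR network events, one JSON object per line.
SAMPLE_LOG = r"""
{"host":"WS-014","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","dest":"huggingface.co"}
{"host":"WS-022","image":"C:\\Users\\a.user\\Downloads\\AI_generator_uncensored_Canvas_PRO_0.9.exe","dest":"api-inference.huggingface.co"}
{"host":"WS-022","image":"C:\\Users\\a.user\\AppData\\Local\\Programs\\Python\\python.exe","dest":"api-inference.huggingface.co"}
{"host":"WS-031","image":"C:\\Users\\b.user\\Downloads\\chrome.exe","dest":"huggingface.co"}
{"host":"WS-014","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","dest":"nothuggingface.co"}
truncated-line {"host":
"""

def is_llm_api(dest):
    """Match the domain itself or any subdomain, never a look-alike suffix."""
    dest = dest.lower().rstrip(".")
    return any(dest == d or dest.endswith("." + d) for d in LLM_API_DOMAINS)

def classify(image):
    """Return None for an approved program, otherwise the reason it is flagged."""
    path = image.lower()
    name = path.rsplit("\\", 1)[-1]
    if name not in APPROVED_IMAGES:
        return "unapproved program calling LLM API"
    if any(marker in path for marker in USER_WRITABLE):
        return "approved name running from user-writable path"
    return None

def find_suspicious(log_text):
    findings = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines instead of aborting the hunt
        if not isinstance(event, dict) or not is_llm_api(event.get("dest", "")):
            continue
        image = event.get("image", "")
        reason = classify(image)
        if reason:
            findings.append((event.get("host"), image.rsplit("\\", 1)[-1], reason))
    return findings
```

On the constructed log, `find_suspicious(SAMPLE_LOG)` returns three findings: the lure executable, the Python interpreter, and a `chrome.exe` running from a Downloads folder.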

Security experts, including IBM’s X-Force Exchange, believe this is the first known case of malware actively using a large language model (LLM) to generate commands. It signals a major shift in cyber threats, where AI is no longer just a defensive tool but is now being used to help launch sophisticated attacks.

This report also follows recent warnings from cybersecurity firms about new threats like Skynet, another AI-aware malware designed to dodge detection systems.

Pooja Prajapati
