Security Company Warns: FunkSec Ransom Trojan May Be AI-Generated, 85 Companies Affected

Recently, the well-known security company Check Point released a report revealing a new type of ransomware trojan named FunkSec. Since the end of last year, this malware has successfully attacked at least 85 corporate organizations. According to researchers, this ransomware was developed using the Rust programming language, and there are strong indications that it may have been automatically generated by a large AI model.

The study pointed out that FunkSec's code includes a series of fluent English comments, demonstrating a high level of intelligence in its generation process. However, despite its professional appearance, its attack patterns appear relatively primitive and outdated, further supporting the hypothesis that this trojan may have been generated by an AI model. Researchers believe that less technically skilled hackers could easily use these AI models to generate various types of malware.

Additionally, the investigation found that a hacker using the alias “el_farado” was publicly selling this FunkSec trojan on underground forums, indicating that he is profiting from this activity. This behavior reveals how hackers are leveraging AI technology to create complex malware at a low cost. Interestingly, this hacker also posted on relevant forums asking how to become a hacker, highlighting his limited technical skills.

Even more concerning is that the so-called “stolen data” disclosed by the related hackers often comes from attacks by other criminal organizations, indicating that they are attempting to exaggerate their influence. This phenomenon not only reflects the self-promotion of hackers but also exposes their serious lack of technical capability, seemingly relying on the convenience of AI for “disguise.”

As technology advances, the application of AI becomes increasingly widespread, and the cybersecurity landscape is becoming more severe. This incident undoubtedly serves as a wake-up call for major companies, reminding them to strengthen their cybersecurity measures to defend against AI-driven malicious attacks.