Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign

Brownie2019
Thread author
An ongoing trojan malware campaign designed to take control of systems and steal sensitive information is being generated with the aid of AI, researchers have said.
PureRAT is a full-featured remote access trojan (RAT) and infostealer which first emerged last year. It has recently been spotted being distributed via malicious links in phishing emails which pose as job opportunities.
Analysis by Symantec and Carbon Black Threat Hunter Team has concluded that the cybercriminals behind PureRAT are using AI tools to write scripts and code. One of the reasons for this conclusion is that sections of the code powering PureRAT contain emojis.
“Many AIs have a tendency to insert emojis in code comments because they’ve been trained using data from social platforms such as Reddit,” researchers said.
In addition, sections of the code appear to contain explanatory comments, debug messages and reminders. For example, one section of the code contains the line “Remember to paste the base64-encoded HVNC shellcode here”.
It’s likely that these are instructions by an AI tool which those behind PureRAT have failed to remove from the scripts.
“Aside from Emojis, detailed comments on nearly every line of the script are usually a giveaway that it was authored by AI. While we do see attackers occasionally leaving notes for themselves, we'd hardly ever see something like a full sentence,” Dick O’Brien, principal intelligence analyst for the Symantec and Carbon Black Threat Hunter Team told Infosecurity.
Nonetheless, despite the leftover AI-generated instructions, PureRAT is a potent, widely distributed malware threat. The malware provides cybercriminals with the ability to stealthily maintain a remote presence on an infected machine, which the attackers can use to either steal data for themselves or sell access to compromised machines to others.
“The attacker may be casting their net for jobseekers in multiple countries in the hope that they open the emails on their work computer,” said the research paper.
“The attacker’s usage of AI provides further evidence that the technology is being used by lower-skilled attackers to assist with developing tools and automating their attacks,” it added.
According to Symantec and Carbon Black, there is evidence that the attacker behind PureRAT is based in Vietnam. This conclusion has been reached because of the use of the Vietnamese language throughout the scripts, both in the code and in the comments left by AI tools. There are also references to Hanoi, the Vietnamese capital.
PureRAT isn’t the first malicious cyber operation to emerge from Vietnam. In recent years, several cybercriminal campaigns have been attributed to cyber gangs working out of the country – including one which distributed malware via adverts for fake AI video generation tools.
 
What you quoted is a good example of two separate points that often get mixed together: (1) “AI in the attacker workflow” and (2) “proof that AI authored the malware.” The defensive takeaway is still the same: PureRAT is a real risk, and the delivery method (job-offer phishing) is the bigger problem than whether an AI helped write parts of it.

About the “AI wrote this” indicators
  • Emojis and overly verbose comments can be consistent with AI-assisted coding, but they are not definitive proof by themselves. Humans can copy/paste snippets, reuse templates, or intentionally add noise.
  • “Remember to paste … here” / reminder-style comments do suggest the script was generated from a template or assistant and not cleaned up, but that only tells you about the attacker’s process—not that the malware is less capable.
  • The most important defensive point is that “lower skill” does not mean “low impact.” AI can lower the barrier to producing functional malware and phishing infrastructure.

Why the distribution method matters more (job opportunity lures)
Job-themed phishing tends to work because it creates urgency and gets victims to click links or open attachments outside normal business workflows. In many orgs, this also bypasses informal “this looks weird” checks because recruiting/job traffic can look legitimate.

Practical defenses (low-risk, high-value)
  • User/process controls: Treat unsolicited job offers (especially with links to “resume portals,” “test tasks,” “interview schedulers,” or “PDF/ZIP/ISO” downloads) as untrusted. Use a separate, non-corporate device/profile for job searching where possible.
  • Email/web filtering: Block newly registered domains, enforce URL detonation/sandboxing, and strip/contain risky attachment types (archives, ISO/VHD, LNK, JS/VBS).
  • Endpoint hardening: Ensure tamper protection is on, Microsoft Defender (or your EDR) is fully updated, and Attack Surface Reduction (ASR) rules are enabled where practical (especially rules that block Office child processes, script abuse, and credential theft behaviors).
  • Credential protection: Use MFA everywhere; prioritize phishing-resistant MFA for admin and email accounts. Limit stored browser passwords on managed endpoints.
  • Least privilege: Users should not have local admin by default; this reduces persistence and lateral movement impact even if a RAT lands.

If someone already clicked a link or ran a file
  • Isolate the machine from the network (disconnect Wi‑Fi/Ethernet/VPN) to reduce further data theft or remote control.
  • Run full scans with your primary AV/EDR and a reputable second-opinion scanner. Do not rely on a single “clean” result if symptoms persist.
  • Assume credentials used on that machine may be exposed: reset passwords from a known-clean device and review MFA sessions/sign-ins for email and key accounts.
  • Collect basic triage artifacts (running processes, autoruns/persistence, scheduled tasks, unusual outbound connections) for analysis by experienced members or internal security.

Key takeaway
Whether AI helped write parts of PureRAT doesn’t make it “less serious”; the meaningful risk is the phishing-driven initial access and the RAT/infostealer capabilities afterward. The best next step is to focus on preventing execution (email/web controls + endpoint hardening) and having a clear response playbook if a click/run occurs.
 
The attack can be prevented by SAC (blocks DLL hijacking used in the attack).
MD hardening via ASR rules (mentioned by @Bot) will not help much in this case.
Very clear about SAC, @Andy Ful . I’m wondering whether this protection is exclusive to Windows 11, or if there’s any practical alternative in Windows 10 that plays a similar role. 🤔

I ask because many of us are still using both systems, and it would be useful to understand which defenses should be prioritized in each case.
 
SAC (Smart App Control) is essentially Microsoft’s “consumer-friendly” application control layer, and yes, in practice it can stop many DLL sideloading/hijacking chains because the attacker’s dropped DLL (or loader) typically isn’t trusted/signed in a way SAC will allow.

Is SAC Windows 11-only?
As far as I know, yes.

  • SAC is a Windows 11 feature (it arrived around the Windows 11 22H2 timeframe) and is not available on Windows 10.
  • It also has some deployment constraints (commonly discussed as requiring a clean install / “clean” state to turn on reliably), so it’s not always something you can just flip on everywhere.

What plays a similar role on Windows 10?
There isn’t a 1:1 equivalent that’s as simple as SAC, but the closest functional equivalents are classic allowlisting / application control technologies:

  • WDAC (Windows Defender Application Control) – closest match conceptually (code integrity / allowlisting). It can block untrusted executables, scripts, and DLLs depending on how the policy is built. It’s powerful but can be complex to design and deploy without causing user disruption.
  • AppLocker – practical allowlisting for many environments, but typically tied to Enterprise/Education SKUs (and requires policy management). It can materially reduce “dropped payload runs from user-writable locations,” which is common in phishing-to-malware chains.
  • Software Restriction Policies (SRP) – older, but still useful in some Windows 10 setups as a “poor man’s allowlisting,” especially for blocking execution from user-writable paths (Downloads, AppData, Temp). Not as strong as WDAC, but often more approachable than WDAC for smaller setups.

Where ASR rules fit (and why they still can matter)
I agree with the general point that ASR rules are not a direct answer to DLL hijacking/sideloading in the way application control is.

But ASR can still reduce exposure earlier in the chain (phishing delivery, script abuse, “living off the land” execution patterns). So: ASR is usually “helpful but not sufficient” here, while SAC/WDAC/AppLocker-style allowlisting is the more direct control for “don’t let the untrusted dropped component load/run at all.”

Defense priority by OS (practical view)
  • Windows 11: Prioritize SAC where feasible + SmartScreen/reputation protections + standard hardening. This directly targets the “unknown/untrusted code” problem.
  • Windows 10: If you can do it, prioritize WDAC/AppLocker/SRP-style allowlisting to cover the same “unknown code shouldn’t run/load” gap, then layer SmartScreen + Defender/EDR + sensible ASR rules for additional reduction of attack surface.

Bottom line
If the specific campaign’s key step is DLL hijacking/sideloading, then application control (SAC on Windows 11, WDAC/AppLocker/SRP-style controls on Windows 10) is the defense class to prioritize; ASR is best treated as a supporting layer rather than the primary stopper for that technique.
 
Technical Analysis & Remediation

MITRE ATT&CK Mapping

Initial Access

[T1566.001] Phishing: Spearphishing Attachment (Job lures).

Execution
[T1059] Command and Scripting Interpreter (AI-generated scripts).

Defense Evasion
[T1027] Obfuscated Files or Information (Base64 encoding).

Resource Development
[T1588] Obtain Capabilities (Use of AI/LLMs for code generation).

CVE & Threat Profile

Threat Actor Origin

Vietnam (linguistic analysis of code comments; references to Hanoi).

Targeting
Global job seekers (corporate and personal devices).

Status
Active Exploitation (Feb 2026).

Live Evidence & Anchors
The following string literals were extracted directly from the malware source code mentioned in the analysis. These serve as high-fidelity detection anchors:

Anchor 1 (Shellcode Placeholder)
"Remember to paste the base64-encoded HVNC shellcode here" Context: An instructional comment left by the AI model that the attacker failed to remove.

Anchor 2 (AI Hallucination/Style)
Presence of emojis in code comments. Context: Researchers note this mimics data trained on social platforms (e.g., Reddit), a common trait of public LLMs.

Remediation - THE ENTERPRISE TRACK (SANS PICERL)

Phase 1: Identification & Containment

Email Filtering

Immediately audit email gateways for subjects related to "Job Offer," "Resume," or "Interview" originating from external/unknown domains.

YARA Scanning
Deploy a YARA rule to scan script host logs (PowerShell, VBS, JS) for the specific string: Remember to paste the base64-encoded.

Blast Radius
If a device is identified as clicking a job lure, isolate it immediately from the VLAN. PureRAT is an infostealer; assume active C2 communication.

Phase 2: Eradication

Process Termination

Terminate any suspicious instances of csc.exe or legitimate binaries spawning unexpected child processes (a common PureRAT injection technique).

Forensic Artifacts
Purge the dropped payloads. Look for script files in %TEMP% or %APPDATA% containing the base64 strings or Vietnamese comments mentioned in the intelligence.

Phase 3: Recovery

Credential Rotation

Force a global password reset for the affected user after the device is wiped. PureRAT steals browser credentials; session tokens are likely compromised.

Re-imaging
Do not attempt to clean the infection. Re-image the machine from a known gold master.

Phase 4: Lessons Learned

User Awareness

Update security training to specifically highlight "Job Recruitment" scams, noting that they often bypass standard "suspicion filters" because they look like legitimate HR activity.

Remediation - THE HOME USER TRACK

Priority 1: Safety (Disconnect & Scan)

Immediately disconnect your computer from the internet (unplug Ethernet, turn off Wi-Fi). This stops the attacker from sending commands or stealing more files.

Run a full scan with a reputable non-Microsoft antivirus (e.g., Malwarebytes) to detect the RAT payload.

Priority 2: Identity (The "Clean Device" Rule)
Do not log into your bank or email from the infected PC. Use a separate, clean device (like your phone on cellular data) to change your passwords.

Enable 2FA (Two-Factor Authentication) everywhere, preferably using an app (Authy/Google Authenticator) rather than SMS.

Priority 3: Persistence
Check your "Startup" folder and Task Manager for programs you don't recognize. PureRAT tries to restart itself every time you turn on your computer.

Hardening & References

Baseline

CIS Benchmark for Windows 10/11 (Section 18.9: Email Client - Ensure attachments with dangerous extensions are blocked).

Tactical
SANS Cheat Sheet - Phishing and Email Security.

Reference

Infosecurity Magazine
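One way to turn the two detection anchors from the post above (the leftover placeholder comment and emoji-laden comments) into a script scanner for PowerShell, VBS or JS bodies pulled from script host logs. This is an added example, not code from the post, the thread or the Symantec report; the emoji code-point ranges, the comment-density threshold and the two sample scripts are my own assumptions.

```python
import re

# Anchor 1 from the post: the instructional comment the attacker left in the script.
PLACEHOLDER = "Remember to paste the base64-encoded"
# Anchor 2: emojis in comments. Code-point ranges are an assumption (common
# emoji blocks plus the Miscellaneous Symbols / Dingbats blocks).
EMOJI_RE = re.compile("[\U0001F300-\U0001FAFF\u2600-\u27BF]")
# Comment leaders for the script hosts named in the post: PowerShell (#),
# VBS (' / REM) and JS (//). Only comment-only lines are counted.
COMMENT_RE = re.compile(r"^\s*(#|'|//|REM\b)(.*)$", re.IGNORECASE)


def comment_lines(text):
    """Yield the comment text of every comment-only line in a script body."""
    for line in text.splitlines():
        m = COMMENT_RE.match(line)
        if m:
            yield m.group(2)


def scan_script(text):
    """Score one script body against the anchors; returns findings plus a verdict."""
    lines = text.splitlines()
    comments = list(comment_lines(text))
    emoji_comments = sum(1 for c in comments if EMOJI_RE.search(c))
    findings = {
        "placeholder": PLACEHOLDER.lower() in text.lower(),
        "emoji_comments": emoji_comments,
        # Share of lines that are pure comments; "a comment on nearly every line"
        # is the supporting indicator quoted in the article.
        "comment_ratio": round(len(comments) / max(1, len(lines)), 2),
    }
    # The placeholder string alone is high fidelity; emoji/comment density is
    # only supporting evidence, so it yields "review", never "high" by itself.
    if findings["placeholder"]:
        findings["verdict"] = "high"
    elif emoji_comments >= 2 and findings["comment_ratio"] >= 0.5:
        findings["verdict"] = "review"
    else:
        findings["verdict"] = "none"
    return findings


# Constructed samples (not real malware): one mimicking the described comment
# style with an empty payload variable, one ordinary admin script.
SUSPECT = (
    "# 🚀 Step 1: prepare the loader variables\n"
    '$enc = ""  # Remember to paste the base64-encoded HVNC shellcode here\n'
    "# ✅ Step 2: log that the loader started\n"
    'Write-Host "started"\n'
)
BENIGN = (
    "# Rotate IIS logs older than 30 days\n"
    "Get-ChildItem C:\\inetpub\\logs -Recurse | Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-30) } | Remove-Item\n"
)
```

Run `scan_script` over each script block you extract from the 4104-style logs the post mentions; a "high" hit is worth the isolation step above, a "review" hit is a prompt for a human look, not an automatic action.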
 
If I understood correctly what @Divergent explained, the main risk is for those who are looking for jobs and end up opening emails with suspicious links or attachments 📧🎣.

As a home user 🏠 outside of that profile, the exposure seems lower, although it’s always good to stay cautious about phishing in general.

A well-done phishing scam is quite difficult to tell apart from the real thing.

I recently received an email from SUMUP asking me to confirm my profile, but only through an app installed on my smartphone with a “click here” button.

Strangely, when you “click here” on your PC, it doesn't open the smartphone app but the browser and possibly the SUMUP web page.

Obviously, I didn't “click here.”
I opened the app on my smartphone and then checked my profile to verify that the request was legitimate.

Yes, genuine request.

But it was poorly written, which could have led me to suspect that it was phishing.

;):giggle:

[Image: 1.png]

Where I have placed the red arrow, it says:

"Your profile can only be reviewed in the SUMUP app, so tap the button below on your phone."
 