A novel AI-driven threat leverages LLMs on Hugging Face to execute adaptive reconnaissance and data exfiltration in real time.
Rather than relying on static scripts or prewritten payloads, LAMEHUG dynamically queries a Qwen 2.5-Coder-32B-Instruct model via the Hugging Face API to generate Windows command-shell instructions tailored to its current environment.
This capability enables on-the-fly reconnaissance, targeted data collection, and adaptive evasion, complicating detection and response efforts for security operations centers (SOCs) and blue teams.
Last July, CERT-UA publicly disclosed an emerging and unusually sophisticated malware family dubbed LAMEHUG, marking a dramatic shift in attacker tradecraft by embedding large language models (LLMs) into malware workflows.
CERT-UA reports that LAMEHUG is delivered through spear-phishing emails carrying malicious executables disguised as AI image-generation tools.
Common filenames include AI_generator_uncensored_Canvas_PRO_v0.9.exe and AI_image_generator_v0.95.exe.
When executed, these loaders display an innocuous prompt interface for user-supplied image requests while immediately spawning a hidden thread to invoke the LLM_QUERY_EX() function, which orchestrates the core malicious activities.
A variant decodes and drops a decoy PDF file to further lull users into opening the payload. After launching the LLM thread, the xlsx_open() function decodes a large Base64 string representing a dummy PDF, writes it to C:ProgramData, and executes it via cmd.exe. The dropped PDF often masquerades as a government or corporate document to lend credibility.
LLM-Powered Reconnaissance
The heart of LAMEHUG’s innovation lies in its LLM_QUERY_EX() routine. This module constructs prompts such as “Enumerate system hardware details,” then sends them to the Qwen 2.5-Coder-32B-Instruct model at router.huggingface.co.
The model returns custom Windows command sequences— for example, invoking systeminfo, wmic cpu, wmic diskdrive, and dsquery—which the malware immediately runs under elevated privileges to gather system and network data.
By intercepting the model’s responses, analysts from the Splunk Threat Research Team (STRT) reconstructed several of these automated prompt-response cycles, revealing precise instructions used for:
- System Information Discovery (T1082): Gathering OS, hardware, and environment details via systeminfo and wmic.
- Automated File Collection (T1119): Recursively copying sensitive documents (e.g., .docx, .pdf) from user directories to C:ProgramDatainfo using xcopy.exe.
This adaptive approach allows LAMEHUG to tailor its reconnaissance and collection logic based on real-time feedback from the target host, effectively learning which commands succeed and adjusting subsequent prompts accordingly.
Once data is consolidated locally, LAMEHUG exfiltrates it over either SSH or HTTP channels. One variant uses an SSH session to a C2 server, authenticating with embedded credentials and transferring info.txt and harvested files. Another variant Base64-encodes LLM prompt messages and collected data, then posts them via HTTPS to a PHP endpoint at stayathomeclasses[.]com/slpw/up[.]php.
Detection Strategies
Given its reliance on standard Windows utilities, LAMEHUG’s behavior can blend with legitimate administrative activity. However, several analytic rules help flag anomalies:
- WMI Reconnaissance Detection: Monitoring WMIC commands for CPU, diskdrive, memorychip, nic, and computersystem queries can reveal suspicious enumeration consistent with T1082 activity.
- Net Service Enumeration: Detecting net start usage for listing services may indicate attacker interest in security-related processes.
- File Collection via Copy Utilities: Alerting on recursive xcopy.exe commands targeting user document extensions can catch automated data gathering.
- AI Platform DNS Queries: Observing DNS requests to router.huggingface.co from common host processes (python.exe, powershell.exe) can surface unauthorized LLM interactions.
LAMEHUG’s fusion of malware with LLMs represents a paradigm shift: attacks that learn and adapt in real time, dynamically crafting commands to probe and exploit compromised systems.
Defenders must enhance telemetry for legitimate-looking utility usage, monitor unusual AI-service network activity, and employ behavior-based detections to counter these emerging threats.
By combining vigilant anomaly detection with network and endpoint monitoring tailored to LAMEHUG’s tactics, SOC teams can disrupt its reconnaissance and data theft operations before significant damage occurs.
IOC
| SHA256 Hashes | Description |
|---|---|
| 384e8f3d300205546fb8c9b9224011b3b3cb71adc994180ff55e1e6416f65715 | LAMEHUG |
| 766c356d6a4b00078a0293460c5967764fcd788da8c1cd1df708695f3a15b777 | LAMEHUG |
| bdb33bbb4ea11884b15f67e5c974136e6294aa87459cdc276ac2eea85b1deaa3 | LAMEHUG |
| d6af1c9f5ce407e53ec73c8e7187ed804fb4f80cf8dbd6722fc69e15e135db2e | LAMEHUG |
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
