
DeepLocker: IBM PoC AI Powered Malware

WMGroomAK

Security researchers at IBM have developed a potentially 'new' class of malware that uses open source machine learning and Deep Neural Network AI models to target specific individuals. Their proof of concept, demonstrated at Black Hat 2018, is code-named DeepLocker and masks itself as a simple video-conferencing application until the target is captured by the camera, at which point it deploys its malicious payload (WannaCry in this case).


https://securityintelligence.com/deeplocker-how-ai-can-power-a-stealthy-new-breed-of-malware/


Quote

DeepLocker has changed the game of malware evasion by taking a fundamentally different approach from any other current evasive and targeted malware. DeepLocker hides its malicious payload in benign carrier applications, such as a video conference software, to avoid detection by most antivirus and malware scanners.


What is unique about DeepLocker is that the use of AI makes the “trigger conditions” to unlock the attack almost impossible to reverse engineer. The malicious payload will only be unlocked if the intended target is reached. It achieves this by using a deep neural network (DNN) AI model.


The AI model is trained to behave normally unless it is presented with a specific input: the trigger conditions identifying specific victims. The neural network produces the “key” needed to unlock the attack. DeepLocker can leverage several attributes to identify its target, including visual, audio, geolocation and system-level features. As it is virtually impossible to exhaustively enumerate all possible trigger conditions for the AI model, this method would make it extremely challenging for malware analysts to reverse engineer the neural network and recover the mission-critical secrets, including the attack payload and the specifics of the target. When attackers attempt to infiltrate a target with malware, a stealthy, targeted attack needs to conceal two main components: the trigger condition(s) and the attack payload.


DeepLocker is able to leverage the “black-box” nature of the DNN AI model to conceal the trigger condition. A simple “if this, then that” trigger condition is transformed into a deep convolutional network of the AI model that is very hard to decipher. In addition to that, it is able to convert the concealed trigger condition itself into a “password” or “key” that is required to unlock the attack payload.


Technically, this method allows three layers of attack concealment. That is, given a DeepLocker AI model alone, it is extremely difficult for malware analysts to figure out what class of target it is looking for. Is it after people’s faces or some other visual clues? What specific instance of the target class is the valid trigger condition? And what is the ultimate goal of the attack payload?


To demonstrate the implications of DeepLocker’s capabilities, we designed a proof of concept in which we camouflage a well-known ransomware (WannaCry) in a benign video conferencing application so that it remains undetected by malware analysis tools, including antivirus engines and malware sandboxes. As a triggering condition, we trained the AI model to recognize the face of a specific person to unlock the ransomware and execute on the system.


Imagine that this video conferencing application is distributed and downloaded by millions of people, which is a plausible scenario nowadays on many public platforms. When launched, the app would surreptitiously feed camera snapshots into the embedded AI model, but otherwise behave normally for all users except the intended target. When the victim sits in front of the computer and uses the application, the camera would feed their face to the app, and the malicious payload will be secretly executed, thanks to the victim’s face, which was the preprogrammed key to unlock it.


It’s important to understand that DeepLocker describes an entirely new class of malware — any number of AI models could be plugged in to find the intended victim, and different types of malware could be used as the “payload” that is hidden within the application.

https://www.hardocp.com/news/2018/08/16/ai_driven_malware_deeplocker_at_defcon/


This seems to be a very basic implementation of a potentially new class of malicious software that I could see getting more complicated, especially if you have a very imaginative programmer who sets multiple conditional attack vectors... As for the targeting ability, I think governments would be especially interested in this for multiple types of espionage (or I'm being a bit paranoid).


Just now, Rune said:


All aboard the dystopia train choo choo

IBM

Deep Neural Net AI (Amadeus if you haven't seen Steins Gate 0)

Encryption


It all adds up my friend ;)


If only there was a way to prevent this from happening in the first place.


6 minutes ago, rcmaehl said:

If only there was a way to prevent this from happening in the first place.

So many potential Steins;Gate references, must resist...


The part that interested me most was how they mentioned the AI is "trained" beforehand. That is concerning to say the least.


woooo
Part of me is terrified
part of me is totally hyped.


5 minutes ago, VegetableStu said:

i thought it meant AI-controlled dynamic viruses ._. thankfully I'm wrong

At least for the moment... If they can use DNN AI to specify targets, I wouldn't think it would be too difficult to use similar techniques to equip the malware with multiple payloads and use the network to specify at least one payload to deploy based on the local security settings.


2 minutes ago, WMGroomAK said:

At least for the moment... If they can use DNN AI to specify targets, I wouldn't think it would be too difficult to use similar techniques to equip the malware with multiple payloads and use the network to specify at least one payload to deploy based on the local security settings.

Now there's a thought... Of course, having a program probe the settings and hide from the local security software/intrusion detection would be the trick, but I'm sure someone motivated enough could do it.


Learning malware, how cool. Can't wait until the AI for it is smarter than us and we're done for. :P


19 hours ago, mynameisjuan said:

So now we need AI antivirus. Can we cut this AI shit out already?


AI and ML are already in a lot of antimalware, btw.
