EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks
Trend Micro, Thursday, September 11th, 2025
Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide.
In recent weeks, Trend Research has observed a new wave of malware campaigns that infiltrate systems by posing as legitimate AI tools and software - complete with realistic interfaces, code signing, and convincing utility features - making them appear legitimate to end users. Rather than relying on obviously malicious files, these trojans mimic the appearance of real software to go unnoticed into both corporate and personal environments, often gaining persistent access before raising any suspicion.