New AI-Driven Malware Uses Language Models to Generate Commands and Steal Documents from Infected Systems

Ukraine's CERT-UA uncovered LAMEHUG, a new AI-powered malware used in phishing attacks by Russian group APT28. It uses large language models to execute malicious commands and steal sensitive files.

A newly discovered malware called LAMEHUG is causing major alarm in the cybersecurity community. It is not just another virus: this one employs artificial intelligence (AI) in a way not seen before. According to Ukraine's national cybersecurity team (CERT-UA), the malware was discovered after suspicious emails were sent to government officials in early July 2025.

These emails appeared to come from legitimate ministry officials, but they were actually sent by hackers. The emails included a ZIP file containing malicious files with names such as “AI_generator_uncensored_Canvas_PRO_v0.9.exe” and “image.py”. Once opened, the LAMEHUG malware silently installs itself on the system.

What differentiates LAMEHUG is its use of an AI model, Qwen2.5-Coder-32B-Instruct, developed by Alibaba Cloud and accessed through the popular AI platform Hugging Face, to convert basic written instructions into actual computer commands that are then executed on the infected PC.

Once running, the malware searches for PDF and text files in commonly used directories such as Documents, Desktop, and Downloads. It then transfers the stolen data to a hacker-controlled server.
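As an added illustration (not code from the report, from CERT-UA or from the malware itself), the following Python heuristic flags the behaviour pattern described above over a few constructed endpoint events: a non-browser process that both contacts the Hugging Face API and opens several PDF/TXT files under Documents, Desktop or Downloads. The huggingface.co host match and the browser allowlist are assumptions, since the article names only the platform.

```python
from collections import defaultdict

# Constructed sample endpoint events (pid, process image, kind, detail); not real telemetry.
# kind is "net" (destination host) or "file" (path opened for read).
EVENTS = [
    (4120, "chrome.exe", "net", "api-inference.huggingface.co"),
    (4120, "chrome.exe", "file", r"C:\Users\alice\Downloads\paper.pdf"),
    (7000, "WINWORD.EXE", "file", r"C:\Users\alice\Documents\report.pdf"),
    (5312, "AI_generator_uncensored_Canvas_PRO_v0.9.exe", "net", "api-inference.huggingface.co"),
    (5312, "AI_generator_uncensored_Canvas_PRO_v0.9.exe", "file", r"C:\Users\alice\Documents\budget.pdf"),
    (5312, "AI_generator_uncensored_Canvas_PRO_v0.9.exe", "file", r"C:\Users\alice\Desktop\notes.txt"),
    (5312, "AI_generator_uncensored_Canvas_PRO_v0.9.exe", "file", r"C:\Users\alice\Downloads\contract.pdf"),
    (5312, "AI_generator_uncensored_Canvas_PRO_v0.9.exe", "net", "203.0.113.10"),  # placeholder C2
]

LLM_API_DOMAIN = "huggingface.co"  # assumed: the article only names "Hugging Face"
DOC_DIRS = ("\\documents\\", "\\desktop\\", "\\downloads\\")
DOC_EXTS = (".pdf", ".txt")
ALLOWED_LLM_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allowlist


def find_suspicious(events, min_docs=2):
    """Return (pid, image, doc_paths) for processes that both call the LLM API
    and open at least min_docs PDF/TXT files from user document folders."""
    state = defaultdict(lambda: {"image": "", "llm": False, "docs": set()})
    for pid, image, kind, detail in events:
        rec = state[pid]
        rec["image"] = image
        low = detail.lower()
        if kind == "net" and (low == LLM_API_DOMAIN or low.endswith("." + LLM_API_DOMAIN)):
            rec["llm"] = True
        elif kind == "file" and low.endswith(DOC_EXTS) and any(d in low for d in DOC_DIRS):
            rec["docs"].add(detail)
    return [
        (pid, rec["image"], sorted(rec["docs"]))
        for pid, rec in state.items()
        if rec["llm"]
        and rec["image"].lower() not in ALLOWED_LLM_CLIENTS
        and len(rec["docs"]) >= min_docs
    ]


if __name__ == "__main__":
    for pid, image, docs in find_suspicious(EVENTS):
        print(f"ALERT pid={pid} image={image} documents_read={len(docs)}")
```

In a real deployment the events would come from Sysmon (event IDs 3 and 11) or an EDR, and the LLM-API condition should be extended to any inference endpoint the organisation does not sanction.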

The group behind this attack is APT28, commonly known as Fancy Bear, a Russian state-sponsored group that has been active for several years. According to cybersecurity experts, this might be a testing phase for new AI-powered attack methods rather than a large-scale cyber operation.

LAMEHUG isn't the only AI-related malware raising concerns. According to experts, this is only the beginning of AI being misused in cyberattacks, and more complex dangers are expected to follow.

This article is based on information from The Hacker News