Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware

Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware

Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions.

Hackers are exploiting the global interest in artificial intelligence (AI) to trick Windows users into downloading malware, according to the latest research from cybersecurity experts at FortiGuard Labs.

In one case spotted by researchers, cybercriminals were distributing a compressed folder disguised as a helpful AI technical guide. The folder was titled “Agentic Coding with Claude Code, The everyday developer’s guide to agentic coding with Claude Code.7z.” It looked completely safe at first glance, but it starts a complex chain of hidden scripts once opened.

Understanding the Multi-Stage Attack Chain

The attack begins when a victim opens a shortcut file (.lnk) inside the compressed archive. This file runs hidden commands using native Windows components like cmd.exe and findstr, and fetches data from files named 3th.pdf and 4th.pdf. that aren’t real documents but storage containers.

Hidden files and the archive (Source: FortiGuard Labs)

Now, the attack chain formally starts with a PowerShell script that drops a secondary script into the system’s AppData folder using AES-CBC decryption. This step transfers the malicious code onto the computer in an unreadable format.

Next, the malware runs a command to add the entire C:\ drive and PowerShell.exe to Microsoft Defender’s exclusion paths to blind the built-in antivirus software so that it ignores the attack. The third step is abusing AutoHotkey.exe, which is renamed to appear as a legitimate Realtek audio service. This helps the malware blend into the background processes flawlessly.

The malware uses process hollowing to create a legitimate .NET process in a suspended state and then injects malicious code into its memory space. This prevents the file from getting stored onto the disk, and the payload easily evades static file scanning.

While this happens, the malware displays readable decoy documents titled “AI-Ready PostgreSQL 18 or A Guide for Thinking Marketers in the Age of AI.” This tricks the victim into thinking the download was safe, completely distracting them from the malicious activity in the background.

AI Mistakes and Malware Deployment

In their report shared with Hackread.com, researchers confirmed that this framework is “purpose-built for stealthy payload delivery” and long-term remote access. The attack chain splits into two branches to drop two specific Remote Access Trojans (RATs).

One branch deploys a modular .NET client with surveillance capabilities, while the other installs AsyncRAT. Both tools allow hackers to monitor user desktops, track mouse movements, and upload basic system information to command-and-control servers like shampobiskworld.nl.

AI Evidence

Interestingly, while determining adversary attribution, researchers found evidence of automated assistance. They noticed that the intermediate PowerShell scripts make heavy use of Simplified Chinese variable names. The code even contains a messy, unedited Chinese comment line and a random emoji.

Attack chain (Source: FortiGuard Labs)

Researchers conclude that human operators may have designed the overall attack logic but used generative AI tools to write the code quickly. The hackers didn’t remember to sanitize and clean up the scripts before launching the campaign.

FortiGuard Labs warns that any organisation can be targeted; therefore, users must monitor for strange scheduled tasks and avoid opening unexpected shortcut files from unverified sources.

Expert Insights

In statements shared with Hackread.com, Ram Varadarajan, CEO at Acalvio, highlighted the danger of the multi-step nature of this campaign, stating, “This class of attack – via compositional opacity — reflects a growing threat class. Essentially, decomposing the attack into multiple, subtle steps, none of which individually raise a flag, but whose cumulative effect causes the damage.”

“We can expect such attacks to become increasingly AI-tuned, hence increasingly subtle, with attacks executed against unwitting humans and AI agents alike. Defending against them will require layered defenses, culminating in AI-aware tripwires,” he warned.

Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage.
Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management

Torrance, United States / California, 11th June 2026, CyberNewswire

Torrance, United States / California, June 11th, 2026, CyberNewswire

Criminal IP by AI SPERA, a cyber threat intelligence platform delivering decision-ready intelligence and attack surface visibility to security teams worldwide, participated in Infosecurity Europe 2026 at ExCeL London this week, marking the company’s second consecutive appearance at Europe’s leading cybersecurity event. Alongside live demonstrations of Criminal IP’s Attack Surface Management (ASM) capabilities, the company introduced AITEM (AI-based Threat Exposure Management), a conceptual framework representing the next evolution of exposure management in an era increasingly shaped by AI.

From Visibility to Action: Why ASM Must Evolve

Traditional ASM tools have served a critical purpose: helping organizations discover internet-facing assets like servers, domains, IP addresses, and admin panels, before attackers do. But discovery alone is no longer enough.

“Seeing a threat and responding to it are completely different challenges,” said Byungtak Kang, CEO of AI SPERA. “Building a safer cyber world requires a shift from visibility to action. Organizations today have more visibility than ever, fewer can effectively prioritize and act on the risks it reveals. By applying AI to filter noise, enrich context, and guide investigations, security teams can focus on the exposures that matter most and respond in real time, turning insight into meaningful action.”

The gap between detection and action has become even more critical as AI lowers the barrier for attackers. Automated scanning, published proof-of-concept exploit code, and AI-assisted vulnerability discovery mean that threat actors can identify and target exposed assets faster than ever.

In this environment, Criminal IP believes AI agents will increasingly assume repetitive operational tasks that consume security teams’ time today — collecting context, correlating information, and assisting with routine investigative processes — allowing analysts to focus on decision-making, prioritization, and response. This shift in the division of labor between humans and AI forms one of the core ideas behind AITEM.

Introducing AITEM: A Conceptual Framework for AI-Driven Threat Exposure Management

AITEM, as introduced by Criminal IP, envisions the integration of agentic AI into the full CTEM (Continuous Threat Exposure Management) operational cycle, moving beyond asset inventory to encompass threat prioritization, owner attribution, vulnerability impact analysis, and guided remediation.

Key capabilities envisioned under the AITEM framework include:

  • Natural language security operations — Security teams directing workflows in plain language rather than manually configuring complex query logic or alert rules.
  • Automated asset owner identification — When a new external asset is discovered, AI agents query internal systems such as Slack, Confluence, Jira, and email to trace ownership and responsible teams — eliminating one of the most time-consuming steps in ASM operations today.
  • CVE impact triage — Rather than manually checking every new vulnerability, AI continuously monitors newly disclosed vulnerabilities and threat intelligence from global security sources, automatically mapping emerging CVEs to the organization’s live external asset inventory and surfacing only the exposures that require immediate attention.
  • Shadow AI detection — As employees increasingly use unsanctioned AI services, those services become part of the organization’s attack surface. AITEM envisions monitoring for unauthorized AI tool usage through firewall log analysis and domain intelligence.
  • Guided remediation — When immediate patching isn’t feasible, the system suggests mitigation paths: hardening configurations, disabling vulnerable components, or generating escalation tickets with context.

AITEM is not yet a formally defined industry category. It is a framework Criminal IP is introducing to describe where ASM must go, and what Criminal IP ASM is being built toward.

CEO Presentation: From Visibility to Threat Hunting

At Infosecurity Europe 2026, CEO Byungtak Kang delivered a case study session titled “From Visibility to Threat Hunting: A Case Study of AI-Driven Attack Surface Management” as part of the official conference program which was his second consecutive time representing at the event. Drawing from real-world examples, the session explored how threat intelligence and attack surface visibility can support faster investigation and more effective security operations. The introduction of AITEM expanded that conversation by asking what comes next.

The Broader Industry Shift

The direction Criminal IP is pursuing with AITEM aligns with trends observed across the global security industry. Even at the RSAC 2026, agentic AI, AI SOC, and shadow AI detection emerged as defining themes, with major vendors including Cisco/Splunk, Microsoft, and CrowdStrike all signaling a shift from siloed tools toward integrated, AI-driven security operations.

“The competition in ASM is no longer about who finds the most assets,” said Kang. “It will be about who can operate faster, respond more effectively, and mobilize the organization. AI should handle the repetitive analytical work. Humans should focus on judgment, accountability, and prioritization.”

About Criminal IP by AI SPERA

Criminal IP is a cyber threat intelligence solution operated by AI SPERA that provides decision-ready threat intelligence, and attack surface management solutions to security teams worldwide. By continuously scanning the global internet, Criminal IP aggregates and contextualizes threat signals across IPs, domains, URLs, and attack infrastructure, covering malicious indicators, known vulnerabilities, exposed assets, and attacker behavior. Criminal IP’s mission is to give organizations real visibility into their cyber landscape and accelerate threat detection and response by delivering the intelligence needed to outsmart attackers. For more information, users can visit www.criminalip.io

Contact

Michael Sena
AI SPERA
support@aispera.com

Leave a Reply

Your email address will not be published. Required fields are marked *