The EvilAI Goblin Lurks Behind Fake AI Tools

Artificial intelligence is now a double-edged sword. While enterprises adopt AI to streamline workflows, attackers are exploiting the trust around “AI tools” to spread malware worldwide. Trend Micro has uncovered EvilAI, a campaign where threat actors disguise malicious software as polished productivity and AI-enhanced apps. With sleek UIs, valid digital certificates, and cleverly crafted distribution channels, EvilAI infiltrates organizations silently, persisting as a stager and preparing systems for future payloads.

Phase 1: Deception through trust 

The first weapon of EvilAI is disguise. Attackers created seemingly legitimate applications that mimic popular categories of tools employees expect to use daily: PDF editors, recipe managers, workflow boosters, browsers, and document finders. Apps like AppSuite, Epi Browser, JustAskJacky, Manual Finder, OneStart, PDF Editor, Recipe Lister, and Tampered Chef came with professional interfaces and even valid digital signatures obtained through disposable shell companies. This blurred the line between genuine and fake, bypassing both user suspicion and some security checks.

Phase 2: Global reach and targeted victims 

The campaign was not local or opportunistic — it spread across multiple regions at once. Victims emerged in the U.S., India, France, Italy, Brazil, Germany, the U.K., Norway, Spain, and Canada. The impacted workforce came from manufacturing, government, healthcare, technology, and retail, highlighting that attackers aimed at sectors where sensitive data and critical operations intersect.

On the user level, the victims were employees searching for free or “enhanced” AI tools: staff who wanted to edit PDFs, organize recipes, boost workflows, or test new AI-branded software. This reflects a key point: curiosity and productivity needs are being weaponized against end users, exposing both personal credentials and corporate environments.

Phase 3: Breach and persistence 

Once installed, EvilAI began its hidden work. Behind the polished façade, the malware:

• Conducted reconnaissance, mapping system information and security tools.

• Stole sensitive browser data including passwords, cookies, session tokens, and histories, along with system configurations.

• Maintained AES-encrypted channels for real-time communication with command-and-control (C2) servers, enabling attackers to push commands or additional payloads.

• Persisted as a stager, preparing infected hosts for future malware like data stealers or remote access trojans.

Distribution vectors added to the threat’s effectiveness: fake vendor sites mimicking portals, malicious ads, SEO poisoning, and promoted download links on forums and social media.

EvilAI’s ability to evade analysis was strengthened by abusing frameworks like NeutralinoJS for covert file system access, JavaScript payload execution, and process spawning. The use of Unicode homoglyphs to encode malicious content further sidestepped detection.

Phase 4: Mischief multiplied 

EvilAI is not a static piece of malware but an evolving toolkit. Security firms like G DATA and Expel confirmed shared infrastructure behind apps like OneStart, AppSuite, and Manual Finder, revealing coordinated development. Researchers also found 26+ disposable code-signing certificates linked to companies in Panama, Malaysia, Ukraine, and the U.K. — a sign of industrialized malware distribution.

The dual-purpose approach makes EvilAI even more dangerous: users perceive functionality and get some of what they expect from the tool, while the hidden malware silently works in the background. This duality reduces suspicion and extends dwell time, ensuring persistence inside corporate and personal devices.

Trapping the goblin 

EvilAI shows how quickly cybercriminals adapt to trends: from recipe apps to AI-enhanced productivity tools, the lure evolves to match user demand. Organizations must assume that polished design and even valid signatures no longer guarantee safety.

Measures to fend off EvilAI:

• Block unverified downloads: restrict installations from unofficial portals, forums, or promoted ads.

• Scrutinize digital certificates: monitor for disposable or unusual issuers, even when signatures appear valid.

• Enforce strict allowlisting: only approved software should be installed in enterprise environments.

• Monitor anomalies: detect unusual browser activity, AES-encrypted traffic patterns, and NeutralinoJS processes.

• Educate staff: highlight risks of downloading “free AI tools” and teach recognition of suspicious distribution vectors.

• Hunt for persistence: look for reconnaissance behaviors, credential theft, or AES C2 channels that may indicate EvilAI stagers.

EvilAI is not just another trojan, it is a global campaign masquerading as progress, weaponizing curiosity and productivity. In an era where AI trust is high, defenders must balance innovation with vigilance.

The Hacker News

https://thehackernews.com/2025/09/evilai-malware-masquerades-as-ai-tools.html?m=1