CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Malware & Threats

SesameOp Malware Abuses OpenAI API

A component of the newly discovered SesameOp backdoor uses the API to store and relay commands from the C&C server. The post SesameOp Malware Abuses OpenAI API appeared first on SecurityWeek.

Malware

A threat actor has abused the OpenAI Assistants API as a communication mechanism between its command-and-control (C&C) server and a stealthy backdoor, Microsoft reports.

Dubbed SesameOp, the backdoor was deployed as part of a sophisticated attack in which the threat actor maintained access to the compromised environment for months, relying on a complex network of web shells for command execution.

The commands, Microsoft says, were relayed through malicious processes that abused compromised Visual Studio utilities to load malicious libraries, a technique referred to as .NET AppDomainManager injection.

Enabling the attackers to manage infected devices remotely, SesameOp was designed for long-term persistence, suggesting the attack was aimed at espionage.

The attackers, Microsoft explains, modified the configuration file of a host executable so it would load at runtime a DLL named Netapi64.dll, using .NET AppDomainManager injection.

The DLL acts as a loader for the backdoor, which is saved in the Temp folder under the name OpenAIAgent.Netapi64.

The malware uses the OpenAI Assistants API to fetch commands from its C&C server and, once the task has been completed, it sends the result to OpenAI, as a message.

The OpenAI Assistants feature enables the creation of custom AI agents that users can associate with tasks, workflows, and domains.

When establishing communication, the backdoor first queries a vector store list from OpenAI, and checks if it contains hostnames. No hostname should exist if the communication takes place for the first time, and a vector store is created using the infected system’s hostname.

Next, the backdoor retrieves a list of Assistants from the attacker’s OpenAI account. The list includes ID, name, description, and instructions variables.

The description field may contain the options Sleep, Payload, or Result. The attackers use the first two to send messages and payloads to the backdoor, which are decoded and executed using the instruction value. The third is used by the malware to send the result from the payload’s execution.

Microsoft says it identified an API key used in this attack and notified OpenAI, which disabled both the key and the associated account that was likely used by the threat actor as part of the operation. The OpenAI Assistants API will be deprecated in August 2026.

Related: Russian APT Switches to New Backdoor After Malware Exposed by Researchers

Related: China-Linked Hackers Hijack Web Traffic to Deliver Backdoor

Related: Microsoft Dissects PipeMagic Modular Backdoor

Related: MITRE Hackers’ Backdoor Has Targeted Windows for Years

Latest News

CYBERNEWSMEDIAPublisher