Lamehug

According to CERT-UA, this malware was distributed as a phishing attachment disguised as an AI canvas or image generator application.

LAMEHUG has used the Hugging Face API to query the Qwen2.5-Coder-32B-Instruct LLM to generate one-line Windows commands for the collection of system information and documents in specific folders on compromised hosts. LAMEHUG subsequently executed the returned commands.

During the 2016 Ukraine Electric Power Attack, Sandworm Team used the xp_cmdshell command in MS-SQL. During the 2025 Poland Wiper Attacks, the adversaries leveraged PsExec to run cmd.exe commands on multiple victim machines. Numerous malware families and groups are described as using cmd.exe, cmd /c, Windows command shell, or command-line interfaces to execute commands, payloads, reconnaissance, persistence, cleanup, and ransomware actions.

"Once opened, a decoy PDF appears while the hidden binary executes in the background"

First observation of “just-in-time” AI malware, like APT28’s PROMPTSTEAL, using LLMs in live operations.

Both malware strains can "dynamically generate malicious scripts, obfuscate their own code to evade detection and leverage AI models to create malicious functions on demand," according to the report.

"ZIP archives entitled “Додаток.pdf.zip.” Once opened, a decoy PDF appears while the hidden binary executes in the background"

First observation of “just-in-time” AI malware, like APT28’s PROMPTSTEAL, using LLMs in live operations.

The following analytic detects the enumeration of Windows services using the net start command, which is a built-in utility that lists all running services on a system.

"gather computer, hardware, service, and network information"

"data stolen: system inventories, network layouts, Active Directory hierarchies"

Ember Bear gathers victim system information such as enumerating the volume of a given device; Frankenstein used Empire to gather various local system information; many malware entries state they collect system information from compromised hosts.

The dynamically generated commands enable the malware to gather system information and identify sensitive files before transmitting them across the network to an adversary-controlled server.

Detection should also flag execution of AI-generated command chains invoking utilities like ... dsquery ...

Among the malware families in the intro table, LameHug/PROMPTSTEAL is the cleanest example of this route in the wild: it calls HuggingFace’s Inference API for Qwen 2.5-Coder-32B-Instruct to drive reconnaissance and data theft...

The content repeatedly describes adversaries and malware storing collected data, command output, credentials, archives, or files in local temporary folders, working directories, hidden directories, registry locations, recycle bins, or specific files prior to exfiltration.

Recursively copy documents from various targeted directories into C:\ProgramData\info, consolidating sensitive files for potential exfiltration.

"recursively harvested Office, PDF, and text documents are staged in %PROGRAMDATA%\info"

The dynamically generated commands enable the malware to gather system information and identify sensitive files before transmitting them across the network to an adversary-controlled server.

The content repeatedly describes threat actors, malware, and campaigns using HTTP, HTTPS, HTTP GET/POST, cookies in headers, WebSockets/WSS, and web APIs for command and control or related communications.

LAMEHUG can use SSH to transfer information to C2. ServHelper may set up a reverse SSH tunnel to give the attacker access to services running on the victim, such as RDP.

All of the data and information collected by LAMEHUG malware is exfiltrated to its command-and-control (C2) server.

It uses the Paramiko SSH module for Python to upload the stolen files using hardcoded IP (144[.]126[.]202[.]227) credentials.

"exfiltration via either an SFTP tunnel to 144.126.202.227"

"or an HTTP POST to the compromised domain stayathomeclasses.com/slpw/up.php"