VYPR
Research · Published Jun 11, 2026 · 1 source

Fake AI Guides and Dev Tools Used to Deliver AsyncRAT Malware in Multi-Stage Attack

Threat actors are distributing AsyncRAT malware through fake AI study guides and developer resources, using a multi-stage infection chain that leverages trusted system tools for stealth.

Cybercriminals are exploiting the surging demand for artificial intelligence knowledge by disguising malware as AI study guides and developer resources, according to new analysis from Fortinet's FortiGuard Labs. The campaign targets Windows users across organizations with booby-trapped files named "AI-Ready PostgreSQL 18" and a fake guide to agentic coding with Claude Code, ultimately delivering the AsyncRAT remote access trojan.

The attack begins with an archive containing a shortcut (LNK) file and two hidden documents. When the shortcut is opened, it triggers a chain of scripts, each of which pulls the next stage from hidden offsets inside a data file named like a PDF, decrypts it, and executes it. The malware plants scheduled tasks disguised as Realtek audio services and opens a clean decoy document, so the victim sees a harmless file while PowerShell stages run silently in the background.

Two files posing as Realtek components are actually copies of AutoHotkey, a legitimate automation tool repurposed as an execution engine. This allows the malicious logic to reside in scripts that are harder to fingerprint than compiled binaries. One branch rebuilds a hidden program from numbers in a fake manifest and uses process hollowing to run it inside a real .NET process. The manifest yields two .NET payloads: a modular remote access trojan Fortinet tracks as clay_Client, and AsyncRAT, which beacons to its own command-and-control server.
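The two payload-hiding tricks above, carving a stage from a fixed offset inside a file that only looks like a PDF, and rebuilding a binary from a list of numbers in a fake manifest, are the parts of the chain an analyst reverses by hand. The script below is an added example of that analyst-side reconstruction; it is not FortiGuard Labs' tooling or anything recovered from the campaign. The carrier layout, the offset, and the single-byte XOR used to "decrypt" the stage are constructed assumptions standing in for the values and routine recovered from the stager script; the point is that whatever comes out should be checked for an MZ/PE header before anything else is done with it.

```python
"""Added example: reconstruct payloads hidden by offset-carving and by a
numeric 'manifest', then confirm the result is a Windows executable.
Offsets, key and sample data are constructed, not from the campaign."""
import re
import struct

PE_SIG = b"PE\0\0"


def looks_like_pe(data: bytes) -> bool:
    """'MZ' at offset 0 and 'PE\\0\\0' at e_lfanew (the DWORD at 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == PE_SIG


def carve_stage(carrier: bytes, offset: int, length: int, key: int) -> bytes:
    """Pull one stage out of a carrier file at a known offset and undo a
    single-byte XOR. Assumption: the real cipher is whatever the stager
    implements; swap this routine for the one recovered from the script."""
    chunk = carrier[offset:offset + length]
    if len(chunk) != length:
        raise ValueError(f"carrier too short for stage at {offset:#x}")
    return bytes(b ^ key for b in chunk)


def decode_numeric_manifest(text: str) -> bytes:
    """Rebuild a binary from a 'manifest' that is really a byte array written
    as decimal or 0x-prefixed integers separated by commas or whitespace."""
    tokens = re.findall(r"0[xX][0-9a-fA-F]+|\d+", text)
    values = [int(t, 16) if t[:2].lower() == "0x" else int(t) for t in tokens]
    if not values or max(values) > 0xFF:
        raise ValueError("not a byte-array manifest")
    return bytes(values)


# --- constructed sample data (not from the campaign) -------------------------
def _fake_pe() -> bytes:
    """Minimal MZ/PE header stub standing in for a real payload."""
    buf = bytearray(0x80)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)   # e_lfanew -> 0x40
    buf[0x40:0x44] = PE_SIG
    return bytes(buf)


SAMPLE_PAYLOAD = _fake_pe()
XOR_KEY = 0x5A          # assumed key
STAGE_OFFSET = 0x200    # assumed offset inside the carrier
CARRIER = (b"%PDF-1.4\n" + b"\0" * (STAGE_OFFSET - 9)
           + bytes(b ^ XOR_KEY for b in SAMPLE_PAYLOAD) + b"\n%%EOF\n")
MANIFEST = "<manifest>\n" + ", ".join(str(b) for b in SAMPLE_PAYLOAD) + "\n</manifest>"


def triage() -> dict:
    """Run both reconstructions over the constructed samples."""
    carved = carve_stage(CARRIER, STAGE_OFFSET, len(SAMPLE_PAYLOAD), XOR_KEY)
    rebuilt = decode_numeric_manifest(MANIFEST)
    return {
        "carrier_is_pe": looks_like_pe(CARRIER),       # the 'PDF' itself is not
        "carved_is_pe": looks_like_pe(carved),         # the carved stage is
        "rebuilt_is_pe": looks_like_pe(rebuilt),       # so is the manifest
        "carved_matches_rebuilt": carved == rebuilt,
    }


if __name__ == "__main__":
    for name, value in triage().items():
        print(f"{name}: {value}")
```

On a real sample the offsets and the decryption routine come from the stager script, and the carved buffer is what gets handed to a sandbox or a .NET decompiler; a file scanner looking at the carrier alone sees only a PDF-like blob.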

AsyncRAT is a well-known open-source remote access trojan that supports surveillance, keylogging, screen capture, and data theft. Because the chain runs through trusted system tools and the final payloads are reconstructed in memory rather than dropped as recognizable executables, the attack behaves largely as a fileless one and slips past signature-based scanning of files on disk. John Gallagher, VP at IoT cybersecurity firm Viakoo, described it as "an existing attack vector, just performed more quickly and made more stealthy" with AI, adding that blocking unsanctioned scripting engines like AutoHotkey would shut the technique down.

Fortinet researchers noted signs of AI-assisted malware development in the code. Windows functions are hidden behind aliases from Chinese mythology, and unsanitized Chinese comments point to generative AI speeding up the build while a human sets the attack logic. Ram Varadarajan, CEO of deception technology firm Acalvio, said this is part of a broader trend he calls "compositional opacity": attacks split into steps that each seem harmless on their own.

The campaign highlights a growing threat where attackers package malware as trusted learning content. Diana Kelley, CISO at Noma Security, urged teams to treat downloaded documents and training assets as part of the software supply chain. Fortinet and analysts recommend layered defenses: blocking or isolating unsanctioned scripting engines like AutoHotkey, tuning endpoint tools to scan memory rather than just files on disk, auditing scheduled tasks, and watching for unusual PowerShell and outbound traffic. Kelley also suggested giving staff a vetted internal library of AI resources rather than leaving them to trust random downloads.
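Of the recommended checks, auditing scheduled tasks is the one that can be scripted against data you already have: `schtasks /query /xml` or `Export-ScheduledTask` gives each task's definition in the Task Scheduler XML format. The script below is an added example, not Fortinet's detection content, that reads that XML and flags the patterns this campaign combines: a task whose description or binary name claims a vendor (here Realtek) while the binary lives under a user-writable path, a binary that is handed a script file such as an `.ahk`, a hidden task, and PowerShell launched with hidden-window or encoded-command switches. The three task definitions are constructed for the example; none is taken from the campaign.

```python
"""Added example: triage exported Task Scheduler XML for the persistence
patterns described above. Task definitions below are constructed samples."""
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")
SCRIPT_EXT = {".ahk", ".ps1", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".hta"}
PS_FLAGS = re.compile(r"-(?:e|ec|enc|encodedcommand|w|windowstyle|nop|noprofile|ep|executionpolicy)\b", re.I)


def audit_task(task_xml: str) -> list[str]:
    """Return findings for one task definition; an empty list means clean."""
    root = ET.fromstring(task_xml)

    def text(path: str, default: str = "") -> str:
        return (root.findtext(path, default=default, namespaces=NS) or "").strip()

    desc = text("t:RegistrationInfo/t:Description")
    cmd = text("t:Actions/t:Exec/t:Command").strip('"')
    args = text("t:Actions/t:Exec/t:Arguments")
    hidden = text("t:Settings/t:Hidden", "false").lower() == "true"

    exe = PureWindowsPath(cmd)
    bare = exe.parent == PureWindowsPath(".")   # e.g. "powershell.exe" resolved via PATH
    low = cmd.lower()
    trusted = low.startswith(TRUSTED_ROOTS) and not any(m in low for m in USER_WRITABLE)

    findings = []
    if cmd and not bare and not trusted:
        findings.append(f"binary outside vendor/OS install paths: {cmd}")
    if "realtek" in (desc + " " + exe.name).lower() and not trusted:
        findings.append("claims to be a Realtek component but is not installed like one")
    for tok in re.findall(r'"[^"]*"|\S+', args):
        name = tok.strip('"')
        if PureWindowsPath(name).suffix.lower() in SCRIPT_EXT:
            findings.append(f"binary is handed a script file: {name}")
    if exe.stem.lower() in ("powershell", "pwsh") and PS_FLAGS.search(args):
        findings.append(f"PowerShell launched with evasion-style switches: {args}")
    if hidden:
        findings.append("task is marked <Hidden>")
    return findings


# --- constructed task definitions (not from the campaign) --------------------
FAKE_REALTEK_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Description>Realtek HD Audio Universal Service</Description></RegistrationInfo>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author"><Exec>
    <Command>C:\Users\alice\AppData\Roaming\Realtek\RtkAudUService64.exe</Command>
    <Arguments>"C:\Users\alice\AppData\Roaming\Realtek\RtkAudUService64.ahk"</Arguments>
  </Exec></Actions>
</Task>"""

BENIGN_REALTEK_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Description>Realtek Audio Updater</Description></RegistrationInfo>
  <Actions Context="Author"><Exec>
    <Command>C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe</Command>
  </Exec></Actions>
</Task>"""

# The encoded command is base64 of a placeholder string, not a real payload.
ENCODED_PS_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Description>Windows Update Helper</Description></RegistrationInfo>
  <Actions Context="Author"><Exec>
    <Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command>
    <Arguments>-NoProfile -WindowStyle Hidden -EncodedCommand UABsAGEAYwBlAGgAbwBsAGQAZQByAA==</Arguments>
  </Exec></Actions>
</Task>"""


def audit_all(tasks: dict[str, str]) -> dict[str, list[str]]:
    """Audit several exported tasks; keys are the task names."""
    return {name: audit_task(xml) for name, xml in tasks.items()}


if __name__ == "__main__":
    samples = {"RealtekAudio": FAKE_REALTEK_TASK,
               "RealtekUpdater": BENIGN_REALTEK_TASK,
               "UpdateHelper": ENCODED_PS_TASK}
    for name, findings in audit_all(samples).items():
        print(name, "->", findings or ["clean"])
```

The path and argument checks only narrow the list; the confirmation that a "Realtek" binary is really a renamed AutoHotkey comes from the file itself, for example its version resource and Authenticode signature (`Get-AuthenticodeSignature` and the `VersionInfo` property of `Get-Item` on the host), which this offline script cannot see.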

Synthesized by Vypr AI