The HYAS EyeSpy proof-of-concept (PoC) signifies a remarkable advancement in potential adversary capabilities, one that we suspect may appear on the cyber battlefield in the near future. EyeSpy is an entirely new type of polymorphic, fully autonomous malware. It uses artificial intelligence to make informed decisions, synthesize its capabilities as needed to conduct cyberattacks, and continuously morph to avoid detection.
As cited in the EyeSpy proof-of-concept and demonstrated in the video, the initial step performed by EyeSpy involves synthesizing and reflecting code to retrieve information about the running processes on the system. Because this is a non-weaponized version, we simply wrote the process list to a log file on disk.
In the video, EyeSpy waits for user activity related to one of the targeted processes that it previously mapped to a specific capability. When the user initiates interaction with Zoom, this serves as a trigger for EyeSpy to take further action. In response, EyeSpy generates source code to capture microphone audio. This prompt and the other two prompts used to generate malicious capabilities can be found in the Prompt Functionality: Microphone Capture.
Want to learn more about EyeSpy or how HYAS detects and identifies adversary infrastructure hidden deep within networks? Please reach out to us at email@example.com or book a private consultation with us. We look forward to hearing from you!