DeepLocker: A New AI-Powered, Highly Targeted and Evasive Malware

Security researchers at IBM Research have developed a new breed of highly targeted and evasive malware, named DeepLocker, that is powered by artificial intelligence.

“IBM Research developed DeepLocker to better understand how several existing AI models can be combined with current malware techniques to create a particularly challenging new breed of malware.”

The malware can conceal its intent until it reaches the target victim, and it infects the system as soon as the AI model identifies the target through indicators such as facial recognition, geolocation and voice recognition.

The malware is designed to be stealthy: it flies under the radar of antivirus detection and activates itself when the target is identified.

How the DeepLocker Malware Works

The malware hides its payload in benign carrier applications, such as video conferencing software, which helps it avoid detection by antivirus software and malware scanners.

DeepLocker is designed so that the malicious payload is executed only when the intended target is recognized. This recognition is performed by a deep neural network (DNN) AI model.


“The AI model is trained to behave normally unless it is presented with a specific input: the trigger conditions identifying specific victims. The neural network produces the “key” needed to unlock the attack. DeepLocker can leverage several attributes to identify its target, including visual, audio, geolocation and system-level features.”

The researchers demonstrated DeepLocker's capabilities with a proof of concept that camouflaged WannaCry ransomware in a video conferencing application, and it was not detected by any antivirus or anti-malware tools.

It remains undetected until the target is identified through facial recognition. The target can be identified using publicly available photos of that person.

“While a class of malware like DeepLocker has not been seen in the wild to date, these AI tools are publicly available, as are the malware techniques being employed — so it’s only a matter of time before we start seeing these tools combined by adversarial actors and cybercriminals. In fact, we would not be surprised if this type of attack were already being deployed,” the IBM researchers said in their published report.

The IBM researchers said they will provide more details in a live demo at the Black Hat USA security conference in Las Vegas.

