Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Mal

By Team-CWD, June 11, 2026

Threat actors have been disguising malware as AI study guides and developer resources to trick professionals into running a multi-stage attack that ends in the AsyncRAT trojan.

New analysis from Fortinet’s FortiGuard Labs described booby-trapped files with names like “AI-Ready PostgreSQL 18” and a fake guide to agentic coding with Claude Code, all aimed at people hunting for AI learning material.

The campaign hits Windows users at any organization, the researchers said, and runs entirely through trusted system tools to stay hidden.

Read more on fileless AsyncRAT attacks: Fileless Malware Deploys Advanced RAT via Legitimate Tools

Fake Guides Open a Staged Chain

The lure plays on the demand for AI know-how. “Attackers are now packaging malware as trusted learning content,” said Diana Kelley, CISO at Noma Security, who urged teams to treat downloaded documents and training assets as part of the software supply chain.

Inside the archive sit a shortcut (LNK) file and two hidden documents. Opening the shortcut triggers a chain of scripts; each pulls the next stage from hidden offsets inside a single data file named to look like a PDF, decrypting and executing it before handing off to the next.

The chain plants scheduled tasks disguised as Realtek audio services and opens a clean decoy document, so the victim sees a harmless file while the PowerShell stages run silently.

The two files posing as Realtek components are really copies of AutoHotkey, a legitimate automation tool repurposed as an execution engine, so the malicious logic sits in scripts that are harder to fingerprint than compiled binaries.

One branch rebuilds a hidden program from numbers in a fake manifest and uses process hollowing to run it inside a real .NET process. The manifest yields two .NET payloads: a modular remote access trojan (RAT) Fortinet tracks as clay_Client, and AsyncRAT, which beacons to its own command-and-control (C2) server.

John Gallagher, VP at IoT cybersecurity firm Viakoo, said it was “an existing attack vector, just performed more quickly and made more stealthy” with AI. He added that blocking unsanctioned scripting engines like AutoHotkey would shut the technique down.

Signs of AI-Assisted Malware

The Windows API functions are hidden behind aliases drawn from Chinese mythology, and unsanitized Chinese-language comments point to AI-assisted development: generative AI sped up the build while a human set the attack logic.

Ram Varadarajan, CEO of decryption technology firm Acalvio, said this is part of a broader trend he calls “compositional opacity”: attacks that are split into steps, each of which seems harmless on its own.

Fortinet and the analysts pointed to layered defenses to prevent such cyber-attacks:

  • Block or isolate unsanctioned scripting engines such as AutoHotkey

  • Tune endpoint tools to scan memory, not just files on disk

  • Audit scheduled tasks and watch for unusual PowerShell and outbound traffic

  • Aim phishing training at developers, using fake AI-tool lures
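As an added defender-side example (not code from the article or from Fortinet), the PowerShell below performs the scheduled-task audit recommended above: it walks every task on a Windows host and flags actions whose binary is unsigned, carries AutoHotkey version information, or is Realtek-named without a Realtek signer. It assumes the renamed AutoHotkey copies keep their embedded version resource and must be run in an elevated session.

```powershell
# Added example: audit scheduled tasks for masqueraded script interpreters.
# Assumption: renamed AutoHotkey binaries still carry "AutoHotkey" in their
# version resource (ProductName / OriginalFilename).

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute path; only executable actions matter here
        if (-not $action.Execute) { continue }

        # Expand %SystemRoot%-style variables and strip surrounding quotes
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))

        # A bare command name (e.g. powershell.exe) is resolved through PATH
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $cmd = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue
            if ($cmd) { $exe = $cmd.Source }
        }
        $taskId = "$($task.TaskPath)$($task.TaskName)"
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            [pscustomobject]@{ Task = $taskId; Binary = $exe; Reason = 'binary not found' }
            continue
        }

        $sig  = Get-AuthenticodeSignature -FilePath $exe
        $info = (Get-Item -LiteralPath $exe).VersionInfo
        $reasons = @()

        # Version resource survives a rename, so it exposes a relabelled interpreter
        if ($info.OriginalFilename -match 'AutoHotkey' -or $info.ProductName -match 'AutoHotkey') {
            $reasons += 'AutoHotkey interpreter'
        }
        # NotSigned, HashMismatch, UnknownError etc. all warrant a look
        if ($sig.Status -ne 'Valid') {
            $reasons += "signature $($sig.Status)"
        }
        # Task or file name claims Realtek, but the signer (if any) does not
        if ("$($task.TaskName) $exe" -match 'Realtek' -and
            $sig.SignerCertificate.Subject -notmatch 'Realtek') {
            $reasons += 'Realtek-named but not Realtek-signed'
        }

        if ($reasons) {
            [pscustomobject]@{ Task = $taskId; Binary = $exe; Reason = ($reasons -join '; ') }
        }
    }
}

$findings | Sort-Object Task | Format-Table -AutoSize
```

Review each hit against the task's trigger and the binary's hash before acting; a task whose binary has since been deleted still shows up as "binary not found", which is itself worth a look on a host where the chain ran.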

Kelley also suggested giving staff a vetted internal library of AI resources, rather than leaving them to trust random downloads.
