AI Hype Turns Toxic: How Fake Claude Code Guides Are Silently Deploying AsyncRAT Backdoors + Video

Listen to this Post

🐢▶️ Listen🚀

Introduction:

The explosive global interest in artificial intelligence has created a new frontier for cybercriminals, who are now weaponizing AI-themed lures to deliver devastating malware payloads. FortiGuard Labs recently uncovered a sophisticated high-severity campaign targeting Windows users with booby-trapped files disguised as AI learning resources—including a fake “Agentic Coding with Claude Code” guide. This attack chain demonstrates an alarming evolution in social engineering, where threat actors exploit the AI hype to trick even technical users into executing multi-stage malware that ultimately deploys the AsyncRAT remote access trojan (RAT), granting attackers full control over infected systems.

Learning Objectives:

• Understand the complete 10-stage infection chain of the AI-themed AsyncRAT campaign
• Learn to identify obfuscation techniques including LNK shortcuts, PowerShell staging, and AutoHotkey loaders
• Master detection and mitigation strategies to defend against AI-lured malware attacks

1. The Anatomy of an AI-Themed Malware Archive

The campaign begins with a seemingly harmless compressed archive distributed under enticing titles such as “Agentic Coding with Claude Code, The everyday developer’s guide to agentic coding with Claude Code.7z”. Other observed lures include “AI-Ready PostgreSQL 18: Building Intelligent Data Systems” and “A Guide for Thinking Marketers in the Age of AI”. At first glance, the archive appears benign—its visible contents limited to a single shortcut (LNK) file. However, hidden within are two additional files named `3th.pdf` and `4th.pdf` with the Hidden attribute set, serving as multi-zone storage containers for the malicious payload.

Step-by-Step Analysis of the Initial Lure:

1. Archive Extraction: The victim downloads and extracts the `.7z` archive, seeing only the LNK file in their file explorer.
2. LNK Execution: Double-clicking the shortcut triggers an obfuscated command sequence built from native Windows components (cmd.exe, more, type, findstr).
3. Line Extraction: The LNK treats `3th.pdf` not as a document but as a data container, enumerating specific line ranges (lines 26004–26007) and executing only that extracted content.
4. Staged Progression: Each phase knows only how to retrieve the next phase at a specific offset, ensuring the full payload is never exposed in a single file.

What Undercode Say:

• The archive’s visible simplicity is a deliberate deception—the real threat lies in hidden files and obfuscated commands
• The multi-zone storage technique makes static file analysis ineffective, as the payload is distributed across offsets

2. PowerShell Obfuscation and Cryptographic Payload Extraction

The first extracted block from `3th.pdf` is not the final payload but a short staging script that reads deeper into the file, selecting another limited line range before piping the result directly into PowerShell. The PowerShell stage is invoked with specific flags to evade detection:

powershell.exe -windowstyle hidden -1oProfile -ExecutionPolicy Bypass

Understanding the Flags:

• -windowstyle hidden: Suppresses any visible console window
• -1oProfile (-1op): Prevents interference from user profile scripts
• -ExecutionPolicy Bypass (-ep Bypass): Circumvents the system’s script execution restrictions

The Cryptographic Logic:

The PowerShell script contains sophisticated cryptographic logic:

1. Data Extraction: Searches `3th.pdf` for data wrapped between markers `–BEGIN PGP PRIVATE KEY BLOCK–` and `–END PGP PRIVATE KEY BLOCK–`
   2. Base64 Decoding: Filters out header-like lines and decodes the remaining content from Base64
2. AES Decryption: Uses a fixed password of `”1″` and derives keys through PBKDF2 before decrypting the payload with AES-CBC
3. Script Deployment: The plaintext is interpreted as a PowerShell script saved at `%APPDATA%` as `Cache_{GUID}.ps1` and immediately executed

Detection Commands for Security Analysts:

To identify this activity, monitor for:

 Check for suspicious PowerShell execution with these flags
Get-WinEvent -LogName "Windows PowerShell" | Where-Object { $_.Message -match "-windowstyle hidden.-ExecutionPolicy Bypass" }

Search for recently created .ps1 files in AppData
Get-ChildItem -Path "$env:APPDATA.ps1" -Recurse -File | Where-Object { $<em>.Name -match "Cache</em>..ps1" }

What Undercode Say:

• The use of a fixed password ("1") and PBKDF2 key derivation indicates automation over sophistication
• The cryptographic staging makes the malware highly resistant to signature-based detection

3. Persistence Through Scheduled Tasks and Defender Exclusions

Once the decrypted PowerShell script executes, it establishes persistence and weakens system defenses through multiple mechanisms:

Defender Exclusion:

The malware attempts to add the entire C:\ drive and PowerShell.exe to Microsoft Defender’s exclusion list. This critical step allows subsequent malicious activities to proceed without triggering real-time protection.

Scheduled Task Creation:

The malware creates scheduled tasks disguised as legitimate Realtek audio services. Observed task names include:
– `CheckRealtekAudioVersion`
– `ResetRealtekAudioSettings64`

Fake System Files:

The malware creates fake Windows/Realtek files, leveraging the trusted reputation of legitimate system components to avoid suspicion.

Detection and Remediation Commands:

 List all scheduled tasks created in the last 24 hours
Get-ScheduledTask | Where-Object { $_.Date -gt (Get-Date).AddDays(-1) }

Check for suspicious Realtek-related tasks
Get-ScheduledTask | Where-Object { $_.TaskName -match "Realtek|Audio" }

Review Defender exclusion list
Get-MpPreference | Select-Object -ExpandProperty ExclusionPath
Get-MpPreference | Select-Object -ExpandProperty ExclusionProcess

Remove malicious exclusions (requires administrative privileges)
Remove-MpPreference -ExclusionPath "C:\"
Remove-MpPreference -ExclusionProcess "powershell.exe"

Linux Analogy (for cross-platform understanding):

While this campaign targets Windows, similar persistence mechanisms exist on Linux:

 Check for suspicious cron jobs
crontab -l

Review systemd timers
systemctl list-timers --all

Check for modified sudoers or /etc/hosts.deny
sudo cat /etc/sudoers

What Undercode Say:

• Defender exclusion is a critical “kill chain” step that neutralizes built-in protection
• The Realtek disguise exploits user trust in legitimate audio drivers
• Persistence through scheduled tasks ensures the malware survives reboots

4. AutoHotkey Loader and Process Injection

The campaign abuses AutoHotkey, a legitimate Windows automation tool, as an execution engine. The malicious logic sits in scripts that are harder to fingerprint than compiled binaries, making detection more challenging.

The AutoHotkey Deployment:

Two files posing as Realtek components are actually copies of AutoHotkey, repurposed to run malicious scripts reflectively. The loader performs:

1. Reflective Injection: Injects a .NET remote access trojan and AsyncRAT directly into memory
2. Process Hollowing: Rebuilds a hidden program from numbers in a fake manifest and runs it inside a legitimate .NET process
3. Memory Execution: The payload runs entirely in memory, leaving minimal forensic artifacts

Technical Deep-Dive: Process Hollowing

Process hollowing is a technique where the malware:

1. Creates a legitimate process in a suspended state

2. Allocates memory within that process

3. Writes malicious code into the allocated memory

1. Resumes the process, executing the malicious code under the cover of a trusted system component

Detection Commands:

 Monitor for AutoHotkey execution
Get-Process -1ame "AutoHotkey" -ErrorAction SilentlyContinue

Check for suspicious process creation events (requires Sysmon)
Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; ID=1} | 
Where-Object { $_.Message -match "AutoHotkey" }

Review process hollowing indicators (suspended processes)
Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; ID=8} | 
Select-Object -First 20

What Undercode Say:

• AutoHotkey abuse represents a “living-off-the-land” technique that evades application whitelisting
• Process hollowing makes the malware nearly invisible to traditional file-based scanning
• Memory-only execution complicates forensic investigation and incident response

5. Final Payload: AsyncRAT and .NET RAT Deployment

The final stage deploys two distinct .NET payloads:

1. clay_Client: A modular remote access trojan (RAT) tracked by Fortinet
2. AsyncRAT: An open-source Remote Access Trojan written in .NET that beacons to its own command-and-control (C2) server

AsyncRAT Capabilities:

• Full remote access to infected systems
• Keylogging and screen capture
• File system manipulation
• Command execution
• Network traffic encryption using the RijndaelManaged .NET class

Network Detection:

Monitor for unusual outbound connections using:

 Monitor active network connections
netstat -ano | findstr ESTABLISHED

Check for connections to known malicious IPs (using PowerShell)
Get-1etTCPConnection | Where-Object { $_.State -eq "Established" } | 
Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess

Review Windows Firewall logs
Get-WinEvent -LogName "Microsoft-Windows-WindowsFirewall/Operational" | 
Where-Object { $_.Id -eq 2004 }

Linux Equivalent (for analysts working cross-platform):

 Monitor active connections
ss -tunap

Check for suspicious outbound connections
sudo netstat -tunap | grep ESTABLISHED

Monitor DNS queries
sudo tcpdump -i any port 53

What Undercode Say:

• The deployment of two separate RATs suggests redundancy and modular attack capability
• AsyncRAT’s open-source nature means threat actors can easily customize and obfuscate it
• The RijndaelManaged encryption makes C2 traffic harder to detect with signature-based IDS/IPS

6. AI-Assisted Malware Development Indicators

One of the most concerning aspects of this campaign is the apparent use of AI assistance during malware development. Several indicators point to AI-generated code:

Indicators of AI-Assisted Development:

• Simplified Chinese variable names: Several intermediate-stage scripts use heavily structured coding style with Simplified Chinese variable names
• Chinese-language semantic abstraction: Custom decryption logic with Chinese comments and function names
• Unsensitized Chinese comments: Code comments remain in Chinese, suggesting rapid AI-assisted generation rather than manual obfuscation
• Highly structured coding style: The code exhibits patterns consistent with AI-generated output

Implications for Defenders:

• AI assistance lowers the barrier to entry for sophisticated malware development
• Threat actors can iterate and improve malware faster than traditional manual development
• Detection must evolve to identify AI-generated code patterns, not just known signatures

What Undercode Say:

• The use of Chinese comments and variable names suggests the threat actor is likely native Chinese or using AI tools trained on Chinese-language code
• AI-assisted malware development represents a paradigm shift in the threat landscape
• Traditional signature-based detection is increasingly ineffective against AI-generated, polymorphic malware

7. Comprehensive Mitigation and Response Strategy

Prevention:

1. Block Unsanctioned Scripting Engines: Isolate or block AutoHotkey and similar tools unless explicitly approved
2. AI Resource Vetting: Provide staff with a vetted internal library of AI resources rather than trusting random downloads
3. Phishing Training: Train developers and technical staff on AI-tool lures specifically
4. Memory Scanning: Tune endpoint tools to scan memory, not just files on disk

Detection:

1. Audit Scheduled Tasks: Regularly review for suspicious tasks, especially those with “Realtek” in the name
2. Monitor PowerShell Activity: Watch for unusual PowerShell execution with hidden windows and bypassed execution policies
3. Network Monitoring: Track outbound traffic for unusual patterns and known malicious IPs

Response (If Detected):

1. Immediate Isolation: Disconnect affected systems from the network immediately
2. Forensic Review: Examine `%LOCALAPPDATA%` and `%APPDATA%` directories for dropped scripts

3. Task Scheduler Cleanup: Remove suspicious scheduled tasks

1. Defender Reset: Remove malicious exclusions and restore default protection settings

Incident Response Commands:

 Isolate system from network (disable network adapter)
Disable-1etAdapter -1ame "Ethernet" -Confirm:$false

Collect forensic evidence
Get-ChildItem -Path "$env:APPDATA.ps1", "$env:LOCALAPPDATA.ps1" -Recurse -ErrorAction SilentlyContinue

Export scheduled tasks for analysis
schtasks /query /fo CSV /v > scheduled_tasks_export.csv

Reset Defender exclusions
Set-MpPreference -ExclusionPath $null
Set-MpPreference -ExclusionProcess $null

What Undercode Say:

• Prevention through user education and tool whitelisting is more effective than reactive detection
• Memory scanning is critical for detecting fileless malware like this campaign
• Incident response must be swift—AsyncRAT can exfiltrate sensitive data within minutes of infection

Prediction:

• -1 The weaponization of AI hype for malware distribution will intensify as generative AI tools become more accessible, lowering the technical barrier for cybercriminals
• -1 AI-assisted malware development will produce increasingly sophisticated, polymorphic code that evades traditional signature-based detection
• -1 The “compositional opacity” trend—attacks split into individually harmless steps—will make detection increasingly challenging for security tools
• +1 Organizations that implement layered defenses (memory scanning, tool whitelisting, and user education) will be better positioned to detect and respond to these threats
• -1 The use of legitimate tools like AutoHotkey and PowerShell in attack chains will continue to grow, making application control and behavioral analysis essential
• +1 The security community’s awareness of AI-lured attacks will improve, leading to better detection rules and threat intelligence sharing
• -1 Small and medium-sized businesses without dedicated security teams remain highly vulnerable to these sophisticated, multi-stage attacks
• +1 The development of AI-powered defensive tools capable of identifying AI-generated malicious code patterns will accelerate in response to this threat
• -1 Threat actors will likely expand beyond AI-themed lures to other emerging technologies (quantum computing, Web3, etc.) using the same playbook
• +1 Increased scrutiny of downloaded “learning resources” and better internal vetting processes will reduce the success rate of these social engineering campaigns

▶️ Related Video (80% Match):

🎯Let’s Practice For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

IT/Security Reporter URL:

Reported By: Flavioqueiroz Asyncrat – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky