SesameOp Leveraging OpenAI Assistants API for Stealthy Communication with C2 Servers

Source: Cyber Security News

SesameOp, a sophisticated backdoor discovered in July 2025, abuses the OpenAI Assistants API as a covert channel for command-and-control. Instead of relying on attacker-owned infrastructure, the malware disguises its communication as ordinary traffic to a legitimate service, which makes detection extremely difficult. The backdoor is built from two components: a heavily obfuscated loader, Netapi64.dll, which executes the core backdoor component, OpenAIAgent.Netapi64. This architecture lets the attackers issue commands and receive results as encrypted payloads while hiding behind a service that organisations generally trust.

Once installed, SesameOp begins a multi-step command-retrieval process, encoding identifying information such as the infected machine's hostname in Base64. It relies on OpenAI's infrastructure to send and receive commands cloaked as routine API activity. The malware's communication loop polls regularly for new commands and executes them, layering encryption and decryption steps that leave little recognisable content on the wire. Notably, Microsoft and OpenAI collaborated to address this threat, an important step toward understanding the risks that come with emerging technologies, especially as OpenAI has announced that the Assistants API will be deprecated in August 2026.
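The defensive takeaway from the two paragraphs above is that the command channel looks like legitimate API traffic, so the signal has to come from who is talking to the Assistants API and how regularly. The following script is an added example, not code from the article or from Microsoft's or OpenAI's analysis: it scans constructed web-proxy log lines and flags (1) requests to the Assistants API endpoints (`/v1/assistants`, `/v1/threads` on `api.openai.com`) from processes outside a hypothetical allowlist, and (2) source/process pairs that poll those endpoints at a near-constant interval, which matches the "regularly checks for new commands" behaviour described. The log format, host names, process names and the allowlist are all assumptions made for the example.

```python
"""Added example (not from the article): flag Assistants-API traffic from
unexpected processes and regular polling (beaconing) in web-proxy logs.
Log format, host/process names and the allowlist are constructed."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Real OpenAI API host; the Assistants API is served under /v1/assistants and
# /v1/threads (threads, runs, messages). Other API paths are ignored here.
API_HOST = "api.openai.com"
ASSISTANTS_PATHS = ("/v1/assistants", "/v1/threads")

# Processes the organisation expects to call the API (constructed allowlist).
ALLOWED_PROCESSES = {"chrome.exe", "msedge.exe", "python.exe"}

# Assumed proxy log layout: "<iso-timestamp> <src-host> <process> <METHOD> <url>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<proc>\S+) (?P<method>[A-Z]+) "
    r"https?://(?P<host>[^/\s]+)(?P<path>\S*)"
)

# Constructed sample log: normal browser/script use of the API, plus an
# unknown process on ws-42 polling a thread's messages every five minutes.
SAMPLE_LOG = """\
2025-07-14T09:00:00 ws-17 chrome.exe POST https://api.openai.com/v1/chat/completions
2025-07-14T09:00:05 ws-42 updater.exe GET https://api.openai.com/v1/threads/thr_CONSTRUCTED/messages
2025-07-14T09:02:11 ws-17 chrome.exe GET https://api.openai.com/v1/assistants
2025-07-14T09:03:00 ws-09 python.exe POST https://api.openai.com/v1/threads
2025-07-14T09:05:05 ws-42 updater.exe GET https://api.openai.com/v1/threads/thr_CONSTRUCTED/messages
2025-07-14T09:10:05 ws-42 updater.exe GET https://api.openai.com/v1/threads/thr_CONSTRUCTED/messages
2025-07-14T09:15:05 ws-42 updater.exe GET https://api.openai.com/v1/threads/thr_CONSTRUCTED/messages
"""


def parse(log):
    """Yield one dict per well-formed log line, with the timestamp parsed."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            yield rec


def is_assistants_call(rec):
    return rec["host"] == API_HOST and rec["path"].startswith(ASSISTANTS_PATHS)


def assistants_requests(log):
    """Assistants-API requests made by processes outside the allowlist."""
    return [r for r in parse(log)
            if is_assistants_call(r) and r["proc"] not in ALLOWED_PROCESSES]


def beaconing_hosts(log, min_requests=4, max_jitter_s=5.0):
    """Map (src, proc) -> mean interval in seconds for pairs that poll the
    Assistants API at a near-constant cadence (low spread between requests)."""
    by_key = defaultdict(list)
    for r in parse(log):
        if is_assistants_call(r):
            by_key[(r["src"], r["proc"])].append(r["ts"])
    found = {}
    for key, times in by_key.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter_s:
            found[key] = round(sum(gaps) / len(gaps))
    return found


if __name__ == "__main__":
    for r in assistants_requests(SAMPLE_LOG):
        print(f"unexpected Assistants API use: {r['src']} {r['proc']} {r['path']}")
    for (src, proc), interval in beaconing_hosts(SAMPLE_LOG).items():
        print(f"regular polling: {src} {proc} every ~{interval}s")
```

Both checks are deliberately coarse: the allowlist test catches a loader hosted in a process that has no business calling the API, and the jitter test catches the polling cadence regardless of what the encrypted message bodies contain. Tune `min_requests` and `max_jitter_s` to the polling behaviour you actually observe, and feed the functions real proxy exports in place of `SAMPLE_LOG`.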

👉 Read the original: Cyber Security News