Overview
- Check Point Research detailed a proof-of-concept dubbed “AI as a C2 proxy” that uses Microsoft Copilot and xAI Grok via their public web interfaces.
- The method prompts the assistant to fetch an attacker-controlled URL, with commands hidden in the page’s HTML that malware on an already-compromised host can parse and execute.
- Automation was demonstrated through a Windows WebView2-based C++ component, enabling malware to interact with the AI interface without user visibility.
- The channel requires no account or API key, and encoded or encrypted data can evade platform safety checks while resembling normal AI web traffic.
- Check Point reported its findings to Microsoft and xAI, framing the issue as service abuse comparable to living-off-trusted-sites and noting related Unit 42 research on client-side LLM misuse.
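
A hunting heuristic for the channel described above, as an added example that is not from Check Point's report: it flags connections to the assistants' web interfaces that originate from a WebView2 runtime embedded by an unapproved application, or from a non-browser process. The log format, the two domains, the allowlists and the process names in the sample are assumptions constructed for illustration.

```python
# Constructed telemetry, not taken from the Check Point report.
# Fields: timestamp host process host_app destination_domain
# Assumption: host_app is the first ancestor that is not msedgewebview2.exe,
# i.e. the application embedding the WebView2 runtime.
SAMPLE_EVENTS = [
    "2025-01-10T09:00:01Z ws01 msedge.exe explorer.exe copilot.microsoft.com",
    "2025-01-10T09:02:11Z ws01 msedgewebview2.exe ms-teams.exe copilot.microsoft.com",
    "2025-01-10T09:05:00Z ws02 msedgewebview2.exe updater_svc.exe grok.com",
    "2025-01-10T09:10:00Z ws02 msedgewebview2.exe updater_svc.exe copilot.microsoft.com",
    "2025-01-10T09:11:30Z ws03 chrome.exe explorer.exe example.org",
    "2025-01-10T09:12:45Z ws03 svc_helper.exe services.exe grok.com",
]

AI_DOMAINS = {"copilot.microsoft.com", "grok.com"}      # assumed web front ends
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe"}  # site-specific allowlist
WEBVIEW = "msedgewebview2.exe"
APPROVED_WEBVIEW_APPS = {"ms-teams.exe", "outlook.exe"}  # hypothetical allowlist

FIELDS = ("time", "host", "process", "host_app", "domain")

def parse_event(line):
    """Split one whitespace-separated record; return None if malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, (p.lower() for p in parts)))

def is_ai_domain(domain):
    return any(domain == d or domain.endswith("." + d) for d in AI_DOMAINS)

def classify(event):
    """Return a reason string for suspicious events, else None."""
    if not is_ai_domain(event["domain"]):
        return None
    if event["process"] in BROWSERS:
        return None
    if event["process"] == WEBVIEW:
        if event["host_app"] in APPROVED_WEBVIEW_APPS:
            return None
        return "webview2 embedded by unapproved application"
    return "non-browser process"

def hunt(lines):
    """Return (host, host_app, domain, reason) for every flagged record."""
    findings = []
    for event in filter(None, map(parse_event, lines)):
        reason = classify(event)
        if reason:
            findings.append((event["host"], event["host_app"], event["domain"], reason))
    return findings

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Because the traffic resembles normal AI web use, the signal here is which process reaches the service rather than the destination itself; both allowlists need tuning per environment.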