
Fake AI Guides Spread AsyncRAT Malware via Dev Tools

Summary

– Attackers disguise malware as AI study guides and developer resources, such as “AI-Ready PostgreSQL 18” and a fake Claude Code guide, to trick professionals into infection.
– The multi-stage attack uses a shortcut file and hidden documents to trigger PowerShell scripts, culminating in the AsyncRAT trojan.
– The malware runs through trusted system tools like AutoHotkey and scheduled tasks, making it fileless and stealthy.
– The campaign targets Windows users across organizations, with signs of AI-assisted development shown in Chinese comments and function aliases.
– Analysts recommend layered defenses, including blocking unsanctioned scripting engines, scanning memory, and auditing scheduled tasks.

Threat actors are now packaging malware as fake AI study guides and developer tools, luring professionals into a multi-stage attack that ultimately deploys the AsyncRAT trojan. This sophisticated campaign specifically targets individuals searching for AI learning materials, preying on the high demand for artificial intelligence expertise.

According to a new analysis from Fortinet’s FortiGuard Labs, the malicious files bear deceptive names such as “AI-Ready PostgreSQL 18” and a counterfeit guide to agentic coding with Claude Code. The campaign is designed to infect Windows users across any organization, and it operates entirely through trusted system tools to evade detection.

For more context on similar threats, see the related report on fileless AsyncRAT attacks: Fileless Malware Deploys Advanced RAT via Legitimate Tools.

The attack chain begins with a lure that exploits the hunger for AI knowledge. “Attackers are now packaging malware as trusted learning content,” explained Diana Kelley, CISO at Noma Security. She urged security teams to treat downloaded documents and training assets as part of the software supply chain.

Inside the archive, victims find a shortcut (LNK) file and two hidden documents. Opening the LNK triggers a cascade of scripts, each pulling the next stage from hidden offsets within a single PDF-named data file. The scripts decrypt and execute sequentially, all while the user remains unaware.

To maintain stealth, the attack plants scheduled tasks disguised as Realtek audio services and opens a clean decoy document. This gives the victim the impression of a harmless file, while PowerShell stages run silently in the background.

The two files posing as Realtek components are actually copies of AutoHotkey, a legitimate automation tool repurposed as an execution engine. Because the malicious logic resides in scripts rather than compiled binaries, it is much harder for traditional security tools to fingerprint.

One branch of the attack rebuilds a hidden program from numbers embedded in a fake manifest. It uses process hollowing to run that program inside a legitimate .NET process. The manifest yields two .NET payloads: a modular remote access trojan (RAT) that Fortinet tracks as clay_Client, and AsyncRAT, which communicates with its own command-and-control (C2) server.
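The chain described above leaves footprints in ordinary process-creation telemetry: an explorer-spawned PowerShell with window-hiding switches (the LNK step), a scheduled task registered under a Realtek-sounding name, and a renamed interpreter whose PE version resource still identifies it as AutoHotkey. The Python below is an added illustration of checking Sysmon-style Event ID 1 records for those three signals; it is not Fortinet's or the article's code. The events, file names and the task name are constructed, and the premise that AutoHotkey builds carry "AutoHotkey" in their PE Product or OriginalFileName fields is this example's assumption, not a claim from the report.

```python
"""Heuristic checks over constructed Sysmon-style process-creation events.

Added example, not Fortinet's or the article's code. Field names follow
Sysmon Event ID 1 (Image, ParentImage, CommandLine, OriginalFileName, Product).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    process_id: int
    detail: str


# Switches that make an explorer-spawned PowerShell look like a hidden stage
# loader rather than an interactive console (assumed indicators).
_HIDDEN_PS = re.compile(
    r"(?i)(?:^|\s)-(?:w(?:indowstyle)?\s+hidden"
    r"|e(?:p|xecutionpolicy)\s+bypass"
    r"|e(?:nc|ncodedcommand)\b)"
)
# Directories a vendor audio service would not normally be installed under.
_USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in _USER_WRITABLE)


def _switch_value(cmdline: str, switch: str) -> str:
    """Value following e.g. /tn, unquoted; '' when the switch is absent."""
    m = re.search(rf'(?i){re.escape(switch)}\s+(?:"([^"]*)"|(\S+))', cmdline)
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)


def check_explorer_hidden_powershell(ev: dict):
    """LNK double-click: explorer.exe spawns PowerShell with hiding switches."""
    if _basename(ev["Image"]) not in {"powershell.exe", "pwsh.exe"}:
        return None
    if _basename(ev["ParentImage"]) != "explorer.exe":
        return None
    if not _HIDDEN_PS.search(ev["CommandLine"]):
        return None
    return Finding("explorer-hidden-powershell", ev["ProcessId"], ev["CommandLine"])


def check_disguised_realtek_task(ev: dict):
    """schtasks /create with a Realtek-sounding name pointing outside vendor dirs."""
    if _basename(ev["Image"]) != "schtasks.exe":
        return None
    cl = ev["CommandLine"]
    if not re.search(r"(?i)/create\b", cl):
        return None
    task_name = _switch_value(cl, "/tn")
    action = _switch_value(cl, "/tr")
    if "realtek" in task_name.lower() and _in_user_writable(action):
        return Finding("disguised-realtek-task", ev["ProcessId"], f"{task_name} -> {action}")
    return None


def check_autohotkey_masquerade(ev: dict):
    """On-disk name says Realtek, PE version resource says AutoHotkey (assumed)."""
    name = _basename(ev["Image"])
    resource = (ev.get("Product", "") + " " + ev.get("OriginalFileName", "")).lower()
    if "autohotkey" in resource and "autohotkey" not in name:
        return Finding("autohotkey-masquerade", ev["ProcessId"], ev["Image"])
    return None


RULES = (check_explorer_hidden_powershell, check_disguised_realtek_task, check_autohotkey_masquerade)


def scan(events) -> list:
    """Apply every rule to every event; return the findings in event order."""
    findings = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit is not None:
                findings.append(hit)
    return findings


SAMPLE_EVENTS = [  # constructed telemetry; paths and names are placeholders, not IoCs
    {"ProcessId": 4100, "Image": r"C:\Windows\explorer.exe", "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": "explorer.exe", "OriginalFileName": "EXPLORER.EXE", "Product": "Microsoft Windows Operating System"},
    {"ProcessId": 4212, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'powershell.exe -w hidden -ep bypass -File "C:\Users\dev\Downloads\AI-Ready PostgreSQL 18\stage1.ps1"',
     "OriginalFileName": "PowerShell.EXE", "Product": "Microsoft Windows Operating System"},
    {"ProcessId": 4300, "Image": r"C:\Windows\System32\schtasks.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'schtasks.exe /create /tn "Realtek Audio Service" /tr "C:\ProgramData\Realtek\RealtekAudio.exe" /sc onlogon',
     "OriginalFileName": "schtasks.exe", "Product": "Microsoft Windows Operating System"},
    {"ProcessId": 4388, "Image": r"C:\ProgramData\Realtek\RealtekAudio.exe", "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r'"C:\ProgramData\Realtek\RealtekAudio.exe" audio.ahk', "OriginalFileName": "AutoHotkey.exe", "Product": "AutoHotkey"},
    {"ProcessId": 4400, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",  # benign interactive console
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"',
     "OriginalFileName": "PowerShell.EXE", "Product": "Microsoft Windows Operating System"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] pid={f.process_id} {f.detail}")
```

The three rules are deliberately independent so each can be tuned on its own; in a SIEM the masquerade rule is the one worth keeping broad, since a renamed interpreter is visible in the version resource regardless of which vendor name the attacker borrows.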

John Gallagher, VP at IoT cybersecurity firm Viakoo, described this as “an existing attack vector, just performed more quickly and made more stealthy” with AI assistance. He recommended blocking unsanctioned scripting engines like AutoHotkey to shut down this technique entirely.

Indicators of AI-assisted development are visible in the code itself. The Windows functions hide behind aliases drawn from Chinese mythology, and unsanitized Chinese comments suggest generative AI was used to speed up the build while a human set the attack logic.

Ram Varadarajan, CEO of decryption technology firm Acalvio, sees this as part of a broader trend he calls “compositional opacity.” These attacks split into multiple steps, each appearing harmless on its own, making them difficult to detect in isolation.

Fortinet and the analysts recommend layered defenses to prevent such cyberattacks:

  • Block or isolate unsanctioned scripting engines such as AutoHotkey

Kelley also suggested providing staff with a vetted internal library of AI resources, rather than leaving them to trust random downloads from the internet.
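As a concrete form of the "audit scheduled tasks" recommendation, the Python below checks exported Task Scheduler XML for the disguise the article describes: a task that presents itself as a Realtek component while its action runs from a user-writable directory or hands a script to its binary. This is an added example, not Fortinet's or the article's code. The namespace is the real Task Scheduler schema; both task definitions, their names and their paths are constructed, and the hidden-task check is a general audit item rather than something the report attributes to this campaign.

```python
"""Audit exported Task Scheduler definitions for disguised persistence.

Added example, not Fortinet's or the article's code. The task XML, names and
paths below are constructed for illustration.
"""
import xml.etree.ElementTree as ET

# Real Task Scheduler schema namespace used by exported task definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Locations a vendor service should not be running from.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# Script types an interpreter such as AutoHotkey would be handed as an argument.
SCRIPT_EXTS = (".ahk", ".ps1", ".vbs", ".js")


def _text(node, path: str) -> str:
    return (node.findtext(path, "", NS) or "").strip()


def audit_task(task_path: str, xml_text: str) -> list:
    """Return the reasons a task looks disguised ([] when nothing is off)."""
    root = ET.fromstring(xml_text)
    reasons = []
    description = _text(root, "t:RegistrationInfo/t:Description")
    author = _text(root, "t:RegistrationInfo/t:Author")
    claims_vendor = "realtek" in f"{task_path} {description} {author}".lower()
    for action in root.findall("t:Actions/t:Exec", NS):
        command = _text(action, "t:Command")
        arguments = _text(action, "t:Arguments")
        if claims_vendor and any(m in command.lower() for m in USER_WRITABLE):
            reasons.append(f"presents as Realtek but runs {command} from a user-writable path")
        if any(ext in arguments.lower() for ext in SCRIPT_EXTS):
            reasons.append(f"action passes a script to its binary: {arguments}")
    if _text(root, "t:Settings/t:Hidden").lower() == "true":
        reasons.append("task is hidden from the Task Scheduler UI")
    return reasons


def audit_all(tasks: dict) -> dict:
    """Map task path -> reasons, keeping only tasks that raised at least one."""
    flagged = {}
    for task_path, xml_text in tasks.items():
        reasons = audit_task(task_path, xml_text)
        if reasons:
            flagged[task_path] = reasons
    return flagged


SAMPLE_TASKS = {  # constructed definitions; names and paths are placeholders
    r"\Realtek\Realtek Audio Service": """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>Realtek Semiconductor</Author></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions>
    <Exec>
      <Command>C:\\ProgramData\\Realtek\\RealtekAudio.exe</Command>
      <Arguments>"C:\\ProgramData\\Realtek\\audio.ahk"</Arguments>
    </Exec>
  </Actions>
</Task>""",
    r"\ExampleVendor\Updater": """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>Example Vendor</Author></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions>
    <Exec>
      <Command>C:\\Program Files\\ExampleVendor\\updater.exe</Command>
      <Arguments>/quiet</Arguments>
    </Exec>
  </Actions>
</Task>""",
}

if __name__ == "__main__":
    for task_path, reasons in audit_all(SAMPLE_TASKS).items():
        print(task_path)
        for reason in reasons:
            print("  -", reason)
```

On a live host, feed audit_task the XML that `schtasks /query /tn <name> /xml` produces for each task, decoded to text; the vendor-name check is intentionally a substring match so that a task registered under a folder, description or author that merely mentions Realtek is examined, and the path and script checks then decide whether it is flagged.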
(Source: Infosecurity Magazine)
