Microsoft: SesameOp Malware Exploits OpenAI API in Attacks
▼ Summary
– Microsoft discovered SesameOp, a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel.
– The malware enables attackers to gain persistent access and remotely manage compromised devices for long-term espionage operations.
– SesameOp fetches encrypted commands via the OpenAI API, executes them on infected systems, and transmits stolen data back through the same channel.
– Microsoft and OpenAI collaborated to disable the malicious account and API key, noting the malware misused legitimate API features rather than exploiting vulnerabilities.
– Microsoft recommends auditing firewall logs, enabling tamper protection, and monitoring external connections to mitigate such attacks.
Microsoft security experts have identified a sophisticated backdoor called SesameOp that cleverly uses the OpenAI Assistants API as a hidden command-and-control channel. This discovery came during an investigation into a cyberattack from July 2025, where the malware provided attackers with lasting access to compromised systems.
By using legitimate cloud services instead of setting up suspicious infrastructure, the threat actors managed to remotely control infected devices for months without raising alarms. This approach makes detection much harder, as it blends malicious traffic with normal, trusted web activity.
A Microsoft Incident Response report explains that SesameOp avoids traditional communication methods. Instead, it uses the OpenAI Assistants API to secretly retrieve and relay instructions. A specific part of the backdoor connects to the API, downloads compressed and encrypted commands, and then carries them out on the victim’s machine. Any stolen data is also encrypted, using both symmetric and asymmetric methods, and sent back through the same API route.
The attack begins with a heavily disguised loader and a .NET-based backdoor, which gets installed by injecting code into various Microsoft Visual Studio tools. To maintain long-term access, the attackers deploy internal web shells and carefully position malicious processes, clearly aiming for extended espionage rather than a quick hit.
It’s important to note that SesameOp does not take advantage of any security flaw in the OpenAI platform. Rather, it misuses the standard, intended features of the Assistants API, a service OpenAI plans to retire in August 2026. Microsoft and OpenAI worked together to trace the malicious activity, identify the account involved, and revoke its API key.
Microsoft emphasizes that the stealthy design of SesameOp matches its purpose: achieving long-term persistence for spying operations. To defend against such threats, the company recommends that security teams review firewall logs, activate tamper protection, set endpoint detection to block mode, and keep a close watch on any unexpected connections to outside services.
(Source: Bleeping Computer)
