- The Transparent Tribe (APT36) hacking group is now using AI to generate malware in lesser-known programming languages like Nim, Zig, and Crystal.
- Their new “vibeware” strategy creates a high volume of disposable, polyglot binaries to overwhelm detection systems, a tactic called Distributed Denial of Detection (DDoD).
- Targets include the Indian government, its embassies, the Afghan government, and private businesses, with attacks often initiated via phishing emails.
- The campaign uses trusted services like Slack, Discord, Supabase, and Google Sheets for command-and-control to blend in with legitimate traffic.
In March 2026, the Pakistan-aligned cyber espionage group Transparent Tribe embraced AI-powered tools to craft a flood of novel malware implants, according to new findings from Bitdefender. This campaign targets the Indian government and its foreign embassies, aiming to overwhelm defenses with volume over sophistication.
The researchers said the activity produces a “high-volume, mediocre mass of implants” using languages like Nim and Crystal. Consequently, this “vibeware” approach, termed Distributed Denial of Detection, complicates security by flooding environments with disposable binaries.
Large language models lower the barrier to cybercrime, enabling threat actors to generate functional code in unfamiliar programming languages. The infection chains typically begin with phishing emails containing malicious Windows shortcut files.
These files execute PowerShell scripts that download backdoors like SupaServ, a Rust-based tool using Supabase for communication. The group also deploys known adversary simulation tools such as Cobalt Strike and Havoc to ensure operational resilience.
Other tools include ZigShell, a backdoor written in Zig, and LuminousStealer, a Rust-based infostealer. Bitdefender warned the real threat is the industrialization of attacks, allowing rapid scaling with less effort.
The researchers noted a convergence of exotic programming languages and the abuse of trusted services. This combination allows even mediocre code to achieve high operational success by overwhelming standard defensive telemetry.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Binance Responds to US Senator Over Sanctions Claims
- Kazakhstan Central Bank to Invest $350M in Crypto
- Canada settles first tokenized bond with digital money
- Sun’s TRX Majority Challenges TRON’s Decentralization Claims
- Tokenized Commodities Market Up 10% to $7.69B
