- The Iranian state-sponsored hacking group MuddyWater has launched a new campaign called Operation Olalampo, deploying multiple new malware families.
- The group utilized AI-assisted development tools to create a Rust-based backdoor and targeted organizations in the Middle East and North Africa via malicious email attachments.
- Security researchers at Group-IB found the malware shares code with prior tools, indicating continuous evolution of the threat actor’s capabilities.
The Iranian cyber-espionage group MuddyWater has targeted entities across the Middle East and North Africa since late January 2026 with a sophisticated new malware suite, according to a report published by Group-IB. This campaign, codenamed Operation Olalampo, involves phishing emails with malicious documents that deploy a range of custom tools.
The attack chains ultimately drop downloaders such as GhostFetch and HTTP_VIP, which in turn fetch advanced backdoors. One notable implant is a Rust-based backdoor named CHAR, which is controlled via a Telegram bot for remote command execution.
Meanwhile, a separate downloader variant leads to GhostBackDoor, granting attackers an interactive shell and file control. Analysts found that CHAR’s source code contains emojis in debug strings, suggesting “signs of artificial intelligence (AI)-assisted development”.
This finding aligns with previous observations that the group experiments with generative AI for malware creation. Furthermore, CHAR shares structural similarities with another Rust malware, BlackBeard, previously used by the same actor.
The group has also been observed exploiting recent vulnerabilities on public-facing servers for initial access. Group-IB concluded that the operation highlights MuddyWater’s dedication to expanding its technical capabilities and regional focus.
