Intel Name: EvilAI operators use AI-generated code and fake apps for far-reaching attacks
Date of Scan: September 12, 2025
Impact: High
Summary: EvilAI disguises itself as legitimate productivity or AI tools, using professional interfaces and valid digital signatures to avoid detection. It has spread globally, with the greatest impact seen in Europe, the Americas, and the AMEA region. Targeted sectors include manufacturing, government/public services, and healthcare. The malware exfiltrates browser data and communicates with command servers via AES-encrypted channels. The team mitigates EvilAI threats by blocking IOCs and providing customers with threat hunting tools and intelligence.