
AI-Generated Malware Slopoly Linked to Interlock Ransomware Attack


Cybersecurity researchers are warning that generative AI is beginning to reshape how ransomware operations are developed and executed. A recently discovered malware strain known as Slopoly has been linked to an Interlock ransomware attack, highlighting how attackers are increasingly using AI-assisted tooling to infiltrate enterprise systems and remain undetected for extended periods.

Investigators say the malware played a key role in maintaining unauthorized access to a compromised server for more than a week. During that time, attackers were able to quietly collect sensitive data before the intrusion was detected. The incident illustrates how generative AI is beginning to influence real-world cybercrime operations by accelerating malware development and enabling rapid experimentation with new attack techniques.


Unlike traditional ransomware tools that often rely on known malicious signatures, Slopoly appears to have been created using AI-assisted development methods that generate functional but previously unseen code patterns. Security researchers say this makes the malware harder for conventional detection systems to identify, especially when attackers continuously modify or regenerate parts of the payload.

The operation was attributed to a threat actor known as Hive0163, which used the Slopoly backdoor to support an Interlock ransomware campaign. Analysts say the malware’s primary advantage was not its complexity but its speed of creation and adaptability.

“The Slopoly backdoor, deployed by Hive0163 during an Interlock ransomware attack, is a concrete signal that AI-assisted malware development has entered active criminal operations,” said Mayank Kumar, Founding AI Engineer at DeepTempo.

“This represents only the initial phase of an emerging arms race between adversarial AI and defenders. We will definitely see more of these, attackers maintaining persistent server access for over a week, not with sophisticated code but with LLM-generated tooling that was good enough, fast enough and novel enough to evade detections.

“Mapped against the Zero Day Clock’s finding that over 60% of the attacks now involve previously unseen techniques, Slopoly is a pattern, not an anomaly, and these sorts of novel attacks are now likely an epidemic. Security architectures built around known signatures and human-paced attack timelines are structurally mismatched to this reality. Defenders need adaptive, behavior-based systems, because by the time a known-bad indicator exists, the damage is already done.”

Security researchers say the rise of AI-generated malware reflects a broader shift in the cyber threat landscape. Instead of writing every line of malicious code manually, attackers can now generate working tools in a fraction of the time using large language models. That dramatically lowers the barrier for new entrants into cybercrime and allows experienced operators to move faster.

“The Slopoly discovery reinforces a trend we are watching closely,” said Darryl Baker, Senior Staff Security Researcher at Netwrix.

“AI is lowering the barrier for attackers by accelerating how quickly malware can be created and modified. Capabilities that once required deep technical expertise can now be generated by large language models in hours.

“The bigger risk is the speed of iteration. Faster development means attackers can test more variants and adapt their tactics quickly.

“But malware itself is rarely the root cause of a successful ransomware attack. Most campaigns succeed because attackers gain access to identities with excessive privileges and then move through the environment to find sensitive data. As AI accelerates the offensive side, organizations need stronger visibility into identity permissions and where sensitive data is exposed so they can limit how far an attacker can go once inside.”

The emergence of Slopoly also highlights how ransomware groups are experimenting with AI to maintain persistence inside corporate environments. Instead of immediately launching encryption attacks, operators can remain hidden while gathering intelligence and locating valuable data.

Security leaders say enterprises should prepare for a new generation of AI-enabled cyber threats by focusing on behavioral detection, identity security, and faster threat response capabilities.

As generative AI continues to advance, the same technologies transforming productivity across industries are also becoming powerful tools for cybercriminals. The Slopoly incident suggests that the race between attackers and defenders is entering a new phase, one where machine-speed experimentation may define the future of ransomware campaigns.
