Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
Crowdstrike 320×100
Banner Ransomfeed 970x120 1
SesameOp: The Malware That Uses OpenAI Assistants for Command and Control

SesameOp: The Malware That Uses OpenAI Assistants for Command and Control

Redazione RHC : 4 November 2025 18:39

Microsoft has discovered a new malware, dubbed SesameOp , and published details of how it works . This backdoor was unusual: its creators used the OpenAI Assistants API as a covert control channel , allowing them to mask activity within the infected system and evade traditional detection tools.

The attack was discovered in July 2025 during the investigation of a complex attack, during which an unknown group remained present on the victim’s infrastructure for several months.

The identity of the targeted organization has not been disclosed, but the investigation revealed the presence of a large network of internal web shells and malicious processes masquerading as legitimate Visual Studio utilities. The malicious code was injected via AppDomainManager : a modified configuration file instructed the executable to load the Netapi64.dll dynamic library containing malicious logic.

The library was heavily obfuscated using Eazfuscator.NET, providing greater stealth. It acted as a loader for the .NET OpenAIAgent.Netapi64 module, which requested instructions via the OpenAI Assistants API. The received commands were first decrypted , then executed in a separate thread, and the results of the execution were returned via the same API. Thus, the OpenAI infrastructure was effectively used as an intermediate control node, undetectable during network traffic analysis.

Communication between the malware and the command and control server occurs via messages containing key parameters in the description field . These can include the SLEEP command (to temporarily suspend activity), the Payload command (to execute nested instructions), and the Result command (to return execution results to the attack operator).

While the attackers’ identities remain unknown, the scheme itself demonstrates a tendency to exploit legitimate cloud services for covert control. This complicates attack detection, as the traffic does not exceed normal corporate API usage. After receiving notification from Microsoft, the OpenAI team conducted an internal review, identified the suspicious key, and blocked the associated account.

According to Microsoft, the use of SesameOp indicates a deliberate attempt to gain long-term access to the infrastructure and control infected computers without the owners’ knowledge. The OpenAI Assistants API platform, through which this control was exercised, will be decommissioned in August 2026 and replaced by the new Responses API.

Immagine del sitoRedazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli