Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
AI-Generated Mac Malware: SimpleStealth Threatens User Security

11 January 2026 15:42

A group of industry specialists has identified, for the first time, a piece of macOS malware whose code clearly shows signs of having been generated using artificial intelligence tools. The discovery, announced by experts at Mosyle, marks a quantum leap in the techniques used by cybercriminals and refocuses attention on the risks associated with the criminal use of GenAI.

The malicious campaign, dubbed SimpleStealth, isn’t just a simple Trojan: it’s software distributed through a fake website that mimics a popular artificial intelligence application, tricking users into downloading a supposedly “legitimate” installer. At the time of its release, the malware wasn’t recognized by any major antivirus engines, highlighting the difficulty defense solutions face in keeping up with these new threats.

Sneaky Strategy: From Deception to Execution

Once launched, SimpleStealth behaves in a deceptive manner: the interface appears fully functional, displaying AI-generated content as if it were a genuine app.

In the background, however, the software runs a Monero (XMR) cryptocurrency miner, designed to exploit the Mac’s resources without attracting attention. To do this, the malware:

  • activates only after one minute of system inactivity;
  • stops immediately as soon as the user interacts with the keyboard or mouse;
  • masquerades as system processes such as kernel_task and launchd.

This “stealth” strategy allows the malware to remain active for extended periods, draining resources without obvious signs of compromise.
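
A defender-side check for the masquerading described above, as an added example that is not from Mosyle's findings or the original article: it parses a constructed `ps` listing and flags processes that use the names kernel_task or launchd without the genuine identity. It assumes a current macOS release where kernel_task is PID 0 and the only launchd is PID 1 at /sbin/launchd; the sample paths, user name and function names are invented for illustration.

```python
import posixpath

# Assumed genuine identities on current macOS:
# process name -> (expected PID, expected `ps -o comm` value)
GENUINE = {
    "kernel_task": (0, "kernel_task"),
    "launchd": (1, "/sbin/launchd"),
}

# Constructed sample of `ps -axo pid,ppid,user,%cpu,comm` output (not real data)
SAMPLE_PS = """\
  PID  PPID USER      %CPU COMM
    0     0 root       4.1 kernel_task
    1     0 root       0.2 /sbin/launchd
  412     1 alice      0.5 /System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
 2290     1 alice     96.3 /Users/alice/Downloads/Fake App.app/Contents/MacOS/kernel_task
 2291  2290 alice      0.0 /private/tmp/launchd
"""

def parse_ps(text):
    """Turn the ps listing into dicts; COMM is last and may contain spaces."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split(None, 4)
        if len(parts) != 5:
            continue
        pid, ppid, user, cpu, comm = parts
        rows.append({"pid": int(pid), "ppid": int(ppid), "user": user,
                     "cpu": float(cpu), "comm": comm.strip()})
    return rows

def find_masquerades(rows):
    """Return (pid, comm, reasons) for processes borrowing a system name."""
    findings = []
    for r in rows:
        name = posixpath.basename(r["comm"])
        if name not in GENUINE:
            continue
        want_pid, want_path = GENUINE[name]
        reasons = []
        if r["pid"] != want_pid:
            reasons.append(f"pid {r['pid']} != {want_pid}")
        if r["comm"] != want_path:
            reasons.append(f"path is not {want_path}")
        if r["user"] != "root":
            reasons.append(f"owner {r['user']} is not root")
        if reasons:
            findings.append((r["pid"], r["comm"], reasons))
    return findings
```

On a live host the same functions can be fed the output of `ps -axo pid,ppid,user,%cpu,comm`; a flagged entry with sustained high CPU while the machine is idle matches the behaviour listed above.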

AI: Friend or Foe?

According to analysts, the real innovative element of SimpleStealth is its use of artificial intelligence in the coding process.

Mosyle researchers identified extremely detailed comments, repetitive logic, and a linguistic mix of English and Portuguese, all typical characteristics of software generated using a large language model (LLM). According to experts, this case demonstrates that using AI to create malware is no longer a theory found on underground forums, but a concrete reality.

This evolution raises much broader concerns: while in the past, creating sophisticated malware required a high level of technical expertise, today AI-based tools can make the process accessible to a much wider range of malicious actors.

Tips for users and businesses

Computer security experts advise Mac users to never install software from unofficial or unverified sites, always preferring the App Store or official developer portals. This simple precaution remains one of the most effective defenses against malicious campaigns based on social media deception and domain spoofing.

As AI technologies advance, cybersecurity faces a new frontier of risks, requiring equally innovative defense tools and greater user awareness.

The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.