Vibeware: How AI Is Industrializing Cybercrime

In a new analysis focusing on the evolution of operations of the APT36 group (also known as Transparent Tribe), Bitdefender documents the emergence of an AI-assisted malware development model that its researchers term “vibeware.”

Artificial intelligence has not yet produced the all-knowing cyberattacker some feared. What it has produced, however, may be even more insidious: an automated, disposable malware production line that churns out enough variants to saturate defenses.

A new industrial model of the threat

Vibeware designates an AI-driven approach to malware development that prioritizes quantity over quality. The aim is not to craft a brilliant cyberattack, but to produce dozens of variants every day in an automated fashion.

Groups like APT36, a well-documented Pakistan-linked threat actor, are reportedly able to sustain a pace of one new malware variant per day. That industrial tempo saturates standard defensive telemetry: each new binary has to be analyzed and a new signature written. Security teams end up chasing a continuous stream of minor threats and risk missing the bigger picture.

The researchers labeled this strategy as DDoD for Distributed Denial of Detection, an analogy to classic DDoS attacks that overwhelm a server through volume. DDoD overwhelms the analytical and detection capabilities of cyber teams with a steady stream of refreshed code. The goal is not to outpace defenses with technical prowess, but to exhaust the defenders.

Exotic languages to reset detections

One of vibeware's most effective technical levers is the use of unusual programming languages. Detection engines are largely tuned for code written in C, C++, and .NET languages such as C#. Attackers have understood this well.

Thanks to LLMs, it is now possible to port the logic of an existing malware into a niche language without prior expertise. The languages favored by APT36 include:

  • Nim : representing less than 0.1% of the TIOBE index, this language compiles through a C or C++ backend but ships its own runtime, so the resulting binaries look like neither. Security scanners often categorize them as “unknown” rather than “malicious.” It is used as a stealth wrapper to mask older payloads.
  • Zig : used for tools like ZigShell or ZigLoader, this language offers high performance and sidesteps the static signatures that EDR solutions have built for mainstream toolchains; the behavior of the payload itself is unchanged.
  • Crystal : also too rare to have established signatures in many endpoint detection tools.

To these niche languages are added Rust and Go, more widely known but valued for their memory safety in sustained tasks such as mass data exfiltration.

The strategic effect is twofold: resetting detection (each new language forces security tools to start from zero) and AI-facilitated accessibility, which enables attackers without specialized expertise to generate functional code in these languages.

Living Off Trusted Services: hiding in legitimate traffic

Vibeware also excels at abusing legitimate cloud services for its command-and-control channels. This technique, known as Living Off Trusted Services (LOTS), involves leveraging platforms like Google Sheets, Discord, Slack, or Supabase as C2 infrastructure.

The most documented example is SheetCreep, a C# malware that turns a Google Sheets spreadsheet into a de facto admin dashboard. Its operation is straightforward:

  • The malware periodically queries a specific spreadsheet to fetch instructions.
  • Commands are Base64-encoded and then encrypted with DES in ECB mode. Neither choice protects much: DES has a 56-bit key, and ECB encrypts identical plaintext blocks to identical ciphertext blocks, so repeated commands leave a visible pattern even without the key.
  • Execution results are returned in the spreadsheet cells via the Google Drive API.
  • The infrastructure is organized into dedicated tabs: unenc_requests, unenc_outputs, unenc_heartbeats, unenc_systems.
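The cell encoding the report attributes to SheetCreep, as an added example in Go that is not the malware's code or Bitdefender's: it reproduces the Base64-then-DES-ECB layering described above so an analyst can decode cell contents once the key has been recovered from a sample, and it counts repeated ciphertext blocks to show why ECB is a weak choice. The key, the outer Base64 layer used to put binary ciphertext into a text cell, and the sample commands are assumptions.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/base64"
	"errors"
	"fmt"
)

// Key is a constructed 8-byte DES key standing in for whatever key a real
// sample embeds (an assumption of this example, not a value from the report).
var Key = []byte("k3y-demo")

// desECB runs DES over each 8-byte block independently. crypto/des exposes only
// the single-block primitive; looping over blocks like this is ECB mode.
func desECB(key, in []byte, decrypt bool) ([]byte, error) {
	c, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(in) == 0 || len(in)%des.BlockSize != 0 {
		return nil, errors.New("input not block aligned")
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += des.BlockSize {
		if decrypt {
			c.Decrypt(out[i:], in[i:i+des.BlockSize])
		} else {
			c.Encrypt(out[i:], in[i:i+des.BlockSize])
		}
	}
	return out, nil
}

// EncodeCell builds a cell value: Base64(cmd) -> PKCS#7 pad -> DES-ECB ->
// Base64 again so the binary ciphertext fits in a text cell. The outer Base64
// is an assumption; the report only states Base64 followed by DES-ECB.
func EncodeCell(key []byte, cmd string) (string, error) {
	inner := []byte(base64.StdEncoding.EncodeToString([]byte(cmd)))
	n := des.BlockSize - len(inner)%des.BlockSize
	inner = append(inner, bytes.Repeat([]byte{byte(n)}, n)...)
	ct, err := desECB(key, inner, false)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(ct), nil
}

// DecodeCell reverses EncodeCell: the analyst's path once the key has been
// pulled out of a sample. Padding is validated so garbage is rejected.
func DecodeCell(key []byte, cell string) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(cell)
	if err != nil {
		return "", err
	}
	pt, err := desECB(key, ct, true)
	if err != nil {
		return "", err
	}
	n := int(pt[len(pt)-1])
	if n == 0 || n > des.BlockSize || n > len(pt) ||
		!bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return "", errors.New("bad padding")
	}
	cmd, err := base64.StdEncoding.DecodeString(string(pt[:len(pt)-n]))
	if err != nil {
		return "", err
	}
	return string(cmd), nil
}

// RepeatedBlocks counts ciphertext blocks that repeat within one cell value.
// Any non-zero result is plaintext structure leaking through the cipher.
func RepeatedBlocks(cell string) (int, error) {
	ct, err := base64.StdEncoding.DecodeString(cell)
	if err != nil {
		return 0, err
	}
	seen, dup := map[string]int{}, 0
	for i := 0; i+des.BlockSize <= len(ct); i += des.BlockSize {
		b := string(ct[i : i+des.BlockSize])
		if seen[b] > 0 {
			dup++
		}
		seen[b]++
	}
	return dup, nil
}

func main() {
	// Constructed sample commands: a run of identical bytes becomes a repeating
	// 4-character Base64 pattern and therefore repeating 8-byte DES blocks.
	for _, cmd := range []string{"whoami", "AAAAAAAAAAAAAAAAAAAAAAAA"} {
		cell, _ := EncodeCell(Key, cmd)
		back, _ := DecodeCell(Key, cell)
		dup, _ := RepeatedBlocks(cell)
		fmt.Printf("%-26q -> %s decoded=%q repeated_blocks=%d\n", cmd, cell, back, dup)
	}
}
```

Running it shows `whoami` producing no repeated blocks while the 24-byte run of identical characters produces three: Base64 of a repeating plaintext is itself periodic, and ECB preserves that period, so an operator who reuses commands produces cell values that can be matched to each other without the key. A mode with a per-message IV or nonce (CBC, GCM) would give zero for the same input.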

Other tools in the APT36 fleet rely on Discord (CrystalShell), Slack (ZigShell), Firebase and Supabase for session management and stolen-data storage, or on the Microsoft Graph API (the MailCreep infostealer). Azure Front Door is also used to hide malicious communications within legitimate HTTPS traffic.

AI plays a decisive accelerating role here: these platforms have abundant public documentation and well-documented SDKs that appear in the LLM training data. Generating stable integration code for Google Sheets or Discord has become trivial, even for attackers without deep technical skills.

The limits of vibeware

It would be inaccurate to portray vibeware as a technological breakthrough because AI-generated code is often derivative, inconsistent, and prone to critical logical errors.

Several documented cases illustrate these flaws:

  • Binaries deployed with the C2 server URL left as a placeholder (empty template), making data exfiltration impossible.
  • Components that crash as soon as the logic reaches a moderate level of complexity.
  • In the CrystalShell case, the absence of a bot-to-bot communication protocol would have generated useless “broadcast storms,” and the status command would reset the metric it was supposed to measure.
  • Tools that fail to purge their own temporary files after execution, facilitating post-attack forensic analysis.

This structural fragility explains why groups like APT36 continue to rely on traditional, proven frameworks (Cobalt Strike or Havoc) as a safety net. The vibeware tools are not yet reliable enough to carry a critical operation on their own.

By nature, LLMs are trained on public repositories like GitHub: they remix existing patterns without inventing new attack methodologies. They lack a genuine understanding of security context.

How to defend: shifting from static to behavioral

In the face of vibeware, a signature-based defense is structurally ill-suited. Recommendations converge toward a dynamic, behavior-focused approach.

> Prioritize behavioral analysis. Process injection and process hollowing remain constants, regardless of the language used. EDR/XDR solutions should monitor these behaviors rather than binary signatures. Monitoring user-writable directories (%APPDATA%, %TEMP%) and regular memory scanning complement this setup.

> Audit cloud services. Persistent connections to Discord, Slack, or Google Sheets from unverified binaries should be treated as potential indicators of compromise. Strict monitoring of these platforms is essential in sensitive environments.

> Complicate the post-intrusion phase. The actual hacking operations remain manual. Reducing the attack surface to introduce friction during lateral movement, strictly filtering LNK, ZIP, or ISO files received by email, and keeping browsers up to date to benefit from mechanisms like App-Bound Encryption (ABE) are all measures that force the attacker to use heavier and thus more detectable methods.

> Rely on mature SOC or MDR. Given the cadence of variant production (sometimes one per day), only 24/7 monitoring can distinguish the vibeware’s noise from genuine critical intrusions.
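A concrete version of the first two recommendations above (watch what runs from user-writable paths, and treat persistent connections to Discord, Slack or Google Sheets from unverified binaries as suspicious), as an added Go example that is not from the report or from any vendor product. It reads constructed network telemetry, keeps only connections made by images under %APPDATA% or %TEMP% to the services the report names, and flags pairs that poll on a regular timer; the log format, the host list, the thresholds and the sample records are all assumptions.

```go
package main

import (
	"fmt"
	"math"
	"sort"
	"strings"
	"time"
)

// Services the report names as abused for C2 or data staging. Matching is by
// domain suffix so API subdomains are caught as well (list is an assumption).
var lotsHosts = []string{"sheets.googleapis.com", "discord.com", "discordapp.com",
	"slack.com", "supabase.co", "firebaseio.com"}

// userWritable is true for images living where an unprivileged dropper can
// write (%APPDATA%, %TEMP%); a legitimate client under Program Files is not.
func userWritable(path string) bool {
	p := strings.ToLower(path)
	return strings.Contains(p, `\appdata\roaming\`) || strings.Contains(p, `\appdata\local\temp\`)
}

func isLOTS(host string) bool {
	h := strings.ToLower(host)
	for _, s := range lotsHosts {
		if h == s || strings.HasSuffix(h, "."+s) {
			return true
		}
	}
	return false
}

// Finding is one (process image, destination) pair that polled on a timer.
type Finding struct {
	Proc, Host string
	Count      int
	MeanGapSec float64
}

// FindBeacons reads "RFC3339 timestamp|process path|destination host" records
// (a constructed format standing in for proxy or EDR telemetry), keeps
// connections from user-writable paths to LOTS hosts, and reports pairs seen at
// least minHits (>= 2) times whose inter-arrival jitter (stddev/mean) is at
// most maxJitter. The timer test separates a poll loop from a person using Slack.
func FindBeacons(lines []string, minHits int, maxJitter float64) []Finding {
	groups := map[[2]string][]time.Time{}
	for _, l := range lines {
		f := strings.Split(strings.TrimSpace(l), "|")
		if len(f) != 3 {
			continue
		}
		ts, err := time.Parse(time.RFC3339, f[0])
		if err != nil || !userWritable(f[1]) || !isLOTS(f[2]) {
			continue
		}
		k := [2]string{f[1], f[2]}
		groups[k] = append(groups[k], ts)
	}
	var out []Finding
	for k, ts := range groups {
		if len(ts) < minHits || len(ts) < 2 {
			continue
		}
		sort.Slice(ts, func(i, j int) bool { return ts[i].Before(ts[j]) })
		var mean, variance float64
		for i := 1; i < len(ts); i++ {
			mean += ts[i].Sub(ts[i-1]).Seconds()
		}
		mean /= float64(len(ts) - 1)
		for i := 1; i < len(ts); i++ {
			d := ts[i].Sub(ts[i-1]).Seconds() - mean
			variance += d * d
		}
		if mean > 0 && math.Sqrt(variance/float64(len(ts)-1))/mean <= maxJitter {
			out = append(out, Finding{k[0], k[1], len(ts), mean})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Proc < out[j].Proc })
	return out
}

// SampleLog is constructed telemetry for this example, not data from the report:
// a 5-minute poller from %APPDATA%, the real Slack client, and an irregular tool.
var SampleLog = []string{
	`2024-05-01T09:00:00Z|C:\Users\bob\AppData\Roaming\svc\update.exe|sheets.googleapis.com`,
	`2024-05-01T09:05:01Z|C:\Users\bob\AppData\Roaming\svc\update.exe|sheets.googleapis.com`,
	`2024-05-01T09:09:59Z|C:\Users\bob\AppData\Roaming\svc\update.exe|sheets.googleapis.com`,
	`2024-05-01T09:15:00Z|C:\Users\bob\AppData\Roaming\svc\update.exe|sheets.googleapis.com`,
	`2024-05-01T09:01:00Z|C:\Program Files\Slack\slack.exe|slack.com`,
	`2024-05-01T09:02:00Z|C:\Program Files\Slack\slack.exe|slack.com`,
	`2024-05-01T09:00:10Z|C:\Users\bob\AppData\Local\Temp\tool.exe|discord.com`,
	`2024-05-01T09:07:40Z|C:\Users\bob\AppData\Local\Temp\tool.exe|discord.com`,
	`2024-05-01T09:08:05Z|C:\Users\bob\AppData\Local\Temp\tool.exe|discord.com`,
}

func main() {
	for _, f := range FindBeacons(SampleLog, 3, 0.1) {
		fmt.Printf("beacon: %s -> %s (%d hits, ~%.0fs apart)\n", f.Proc, f.Host, f.Count, f.MeanGapSec)
	}
}
```

On the sample records only `update.exe` is reported: `slack.exe` is excluded by its install path, and `tool.exe` reaches a LOTS host from %TEMP% but with gaps of 450 s and 25 s, which fails the jitter test. A real deployment would add the signer of the image and the ratio of bytes in to bytes out to the same grouping, since an exfiltration channel uploads far more than it downloads.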

Vibeware is not the advent of a superhuman cyber attacker. It is the industrialization of mediocre cybercrime. And that is precisely why it deserves sustained attention.

Dawn Liphardt

I'm Dawn Liphardt, the founder and lead writer of this publication. With a background in philosophy and a deep interest in the social impact of technology, I started this platform to explore how innovation shapes — and sometimes disrupts — the world we live in. My work focuses on critical, human-centered storytelling at the frontier of artificial intelligence and emerging tech.