Vibecoded Malware Is Flooding the Internet

Vibe coding’s dark side, “vibe hacking,” is on the rise. Cybersecurity companies such as McAfee and Bitdefender have observed recent spikes in vibe-coded malware, also called “vibeware,” with telltale signs such as explanatory code comments or template placeholders akin to what vibe-coded apps contain. But just how challenging is it to stop the spread of bad vibes from these emerging cyberattacks?

Researchers at the University College Cork (UCC) in Ireland found that malicious software crafted with the assistance of generative AI have varied code structures that can evade static malware detection, but their nefarious behavior and intent remain the same as traditional malware. The team presented their results last May at the 23rd ACM International Conference on Computing Frontiers held in Italy.

Hackers are taking advantage of the probabilistic nature of generative AI, producing vibeware having multiple variants. “With an AI coding tool, you can say, ‘I want the same functionality, but do it in a different way.’ So you can create malware that’s bespoke to a particular attack you want to do,” says Utz Roedig, a professor of computer science at UCC who led the research.

Anti-malware as usual

Traditional antivirus software uses a combination of static and dynamic analysis tools to screen newly downloaded software. Static analysis employs pattern matching techniques, comparing the cryptographic hash of a file against databases of known malware signatures or employing rule-based engines like YARA, an open-source tool that identifies and classifies malware according to specific binary patterns or strings. Dynamic analysis runs malware in a controlled or sandboxed environment to monitor its actions for suspicious activity.

In their experiments, the team at UCC generated a series of malicious shell scripts designed to steal sensitive data from Linux-based systems. Each shell script iteration was built specifically to bypass YARA rules. While the resulting shell scripts are distinct in terms of code syntax, they remain functionally equivalent.

“Even if you make the program achieve its goal differently, the behavior is the same,” Roedig says. “The structure looks different but you can’t hide the malicious behavior.”

This highlights a necessary shift toward more dynamic and behavior-centric detection strategies.

“Now anyone can generate hundreds of unique variants, so hash matching is pointless,” says Prince Chaddha, a research lead at ProjectDiscovery, an open-source cybersecurity company. “What still works is behavioral analysis. Defenders must go fully behavioral and use AI themselves to catch such malware.” AI can help cybersecurity professionals swiftly spot vulnerabilities in software, but their expertise, judgement, and oversight—along with multiple layers of verification—must be built into the process.

LLMs lower the barrier to malware entry

The UCC researchers also found that vibe coding malware can be accomplished with as few as two prompts. “[Generative AI] makes it more accessible. And that would then mean you probably get more of it because the barrier to create malware lowers,” says Roedig.

Dan Gittis, director of the threat intelligence and detection engineering team at managed security services provider UltraViolet Cyber, echoes the sentiment. “You no longer have to be adept at coding to build malware,” he says. “Threat actors without the experience or skills can start dipping their toes in this field, and those that do have the preexisting skill set can very likely develop even better malware.”

More surprisingly, the UCC team’s AI coding tool of choice, Cursor, didn’t refuse or restrict their malware-related prompts. This emphasizes the need to put up safety guardrails that prevent malicious use cases. Roedig cautions, however, that attackers “probably will tinker with AI models to remove guardrails,” so developers of AI coding tools must also factor in how to defend against getting around those guardrails.

Looking to the future, Gittis believes AI-generated malware could advance and multiply. “There are now more individuals who can serve as capable threat actors, meaning the overall number of cyberattacks could increase. It also means that already capable actors are very likely going to operate faster and more effectively,” he says. “And it means that threat actors may be able to develop more dynamic malware that evolves.”

He points to Google’s discovery of PROMPTFLUX as an example. The PROMPTFLUX malware calls the Gemini API during runtime to rewrite its own source code on demand and dodge detection. This adaptive and regenerative ability “is likely going to be very impactful to how defenders need to operate going forward,” says Gittis.

This constant tug-of-war is nothing new in the world of cybersecurity. “It has always been that attacker and defender go hand in hand. One side invents something and the other side tries to go around it, and you use all tools necessary,” Roedig says.

It’s happening again with vibe hacking and vibeware. But the good news, according to Gittis, is that “defenders have the same resources, if not more. This means that we can increase our capabilities, efficiency, and knowledge of response measures.”