
One of the Most Devious Malware Strains Might Have Been Cracked - and It's All Thanks to Gen AI
Why It Matters
The breakthrough demonstrates how generative AI can dramatically speed up malware analysis, enabling quicker detection and mitigation of sophisticated threats like XLoader. This could reshape cybersecurity operations by improving response times and reducing analyst workload across the industry.
Summary
Check Point Research used generative AI, specifically ChatGPT, to semi‑automate the reverse‑engineering of the evasive XLoader infostealer, a malware family active since 2021 and derived from Formbook. By coupling cloud‑based static analysis of IDA Pro outputs with AI‑assisted runtime debugging, the team identified encryption algorithms, generated decryption scripts, extracted encryption keys, and uncovered 64 hidden C2 domains and a new sandbox‑evasion technique called "secure‑call trampoline." The AI‑enhanced workflow accelerated a traditionally manual process, making it faster, repeatable, and easier to share across teams. Check Point emphasizes that AI augments, not replaces, human analysts in malware research.
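The summary says the static-analysis stage identified the encryption algorithms from IDA Pro output. The cheapest first pass an analyst can run on such a listing, offline and before any of it is handed to a language model, is scanning for the magic constants that standard primitives carry (hash IVs, the TEA delta, CRC polynomials, the AES S-box). The script below is an added example written for this page; it is not Check Point's tooling and nothing in it is derived from XLoader. The IDA-style listing it parses is constructed, and the label names in it (hash_init, decrypt_block, sbox, crc_poly) are assumptions made for the demo.

```python
"""Scan an IDA Pro-style disassembly listing for well-known crypto constants.

Added example for this page, not Check Point's code and not from XLoader.
Every constant below is a public, well-documented value.
"""
import re
from collections import defaultdict

# Word-sized signatures: (label, constants, need_all_constants)
WORD_SIGNATURES = [
    ("SHA-256", {0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A}, True),
    ("SHA-1", {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0}, True),
    ("MD5", {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476}, True),
    ("TEA/XTEA", {0x9E3779B9}, True),            # golden-ratio round delta
    ("CRC32", {0xEDB88320, 0x04C11DB7}, False),  # reflected / normal polynomial
]
# Byte-table signatures: the first eight entries of each table.
BYTE_SIGNATURES = {
    "AES S-box": bytes.fromhex("637c777bf26b6fc5"),
    "AES inverse S-box": bytes.fromhex("52096ad53036a538"),
}

# IDA writes hex as 0EFCDAB89h (trailing h, leading 0 when the value starts
# with a letter); 0x... is accepted too for listings exported by other tools.
HEX_IMM = re.compile(r"\b(?:0x([0-9A-Fa-f]+)|([0-9A-Fa-f]+)h)\b")
PROC_LINE = re.compile(r"^\S+\s+(\w+)\s+proc\b")
DATA_LABEL = re.compile(r"^\S+\s+(\w+)\s+d[bwdq]\b")

# Constructed sample listing (assumed label names), not real malware output.
SAMPLE_LISTING = """\
.text:00401000 hash_init       proc near
.text:00401000                 mov     dword ptr [ecx], 67452301h
.text:00401006                 mov     dword ptr [ecx+4], 0EFCDAB89h
.text:0040100D                 mov     dword ptr [ecx+8], 98BADCFEh
.text:00401014                 mov     dword ptr [ecx+0Ch], 10325476h
.text:0040101B                 mov     dword ptr [ecx+10h], 0C3D2E1F0h
.text:00401022                 retn
.text:00401022 hash_init       endp
.text:00401030 decrypt_block   proc near
.text:00401030                 mov     esi, 9E3779B9h  ; round delta
.text:00401035                 xor     eax, eax
.text:00401037                 retn
.text:00401037 decrypt_block   endp
.data:00403000 sbox            db 63h, 7Ch, 77h, 7Bh, 0F2h, 6Bh, 6Fh, 0C5h
.data:00403008                 db 30h, 01h, 67h, 2Bh, 0FEh, 0D7h, 0ABh, 76h
.data:00403010 crc_poly        dd 0EDB88320h
"""


def immediates(code: str) -> list[int]:
    """Return every hex immediate on one comment-free line, in source order."""
    return [int(a or b, 16) for a, b in HEX_IMM.findall(code)]


def identify_algorithms(listing: str) -> dict[str, set[str]]:
    """Map each function or data label to the primitives its constants suggest.

    Scope is the enclosing `proc` for code lines and the nearest data label for
    db/dw/dd/dq lines. Only scopes with at least one hit are returned.
    """
    words = defaultdict(set)     # scope -> set of immediates seen
    blobs = defaultdict(bytes)   # scope -> concatenated db bytes
    scope = "<global>"
    for raw in listing.splitlines():
        code = raw.split(";", 1)[0].rstrip()   # drop IDA comments first
        if not code.strip():
            continue
        m = PROC_LINE.match(code)
        if m:
            scope = m.group(1)
            continue
        if re.search(r"\bendp\b", code):
            scope = "<global>"
            continue
        m = DATA_LABEL.match(code)
        if m:
            scope = m.group(1)
        imms = immediates(code)
        words[scope].update(imms)
        if re.search(r"\bdb\b", code):
            blobs[scope] += bytes(v for v in imms if v < 256)

    result: dict[str, set[str]] = {}
    for scope in set(words) | set(blobs):
        labels = set()
        for name, consts, need_all in WORD_SIGNATURES:
            seen = consts & words[scope]
            if seen and (seen == consts or not need_all):
                labels.add(name)
        if "SHA-1" in labels:
            labels.discard("MD5")   # SHA-1's IV is a superset of MD5's
        for name, sig in BYTE_SIGNATURES.items():
            if sig in blobs[scope]:
                labels.add(name)
        if labels:
            result[scope] = labels
    return result


if __name__ == "__main__":
    for label, found in sorted(identify_algorithms(SAMPLE_LISTING).items()):
        print(f"{label:16s} {', '.join(sorted(found))}")
```

Constant scanning only names primitives that carry fixed tables or magic words; RC4 key scheduling, per-sample XOR tables and custom stream ciphers of the kind infostealers favour leave no such fingerprint, which is why the summary pairs the static pass with debugger-driven key extraction and why the human analyst still has to decide what the hits mean.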