News

Microsoft Uncovers “SesameOp” Backdoor Using OpenAI API for Stealth Commands

Basio badrBasio badr
ago 5 hours
Microsoft Uncovers “SesameOp” Backdoor Using OpenAI API for Stealth Commands

Microsoft has revealed a sophisticated backdoor, named SesameOp, which utilizes the OpenAI Assistants Application Programming Interface (API) for stealth command and control (C2) operations. This malware is designed to facilitate covert communication and execution of malicious activities within compromised environments.

Overview of SesameOp

Discovered in July 2025, SesameOp has been linked to a complex security breach where unknown threat actors maintained long-term access to the targeted systems. The cybercriminals have employed advanced methods, including the use of internal web shells that execute commands via strategically positioned malicious processes.

Technical Details

The primary elements of SesameOp include:

  • Loader Component: The loader “Netapi64.dll” is pivotal in facilitating the backdoor’s operations.
  • Backdoor Component: “OpenAIAgent.Netapi64” acts as the backbone of the malware, utilizing the OpenAI API to retrieve encrypted commands.

This backdoor effectively maintains persistence within the compromised system and allows the attacker to manage devices covertly. It signifies a clear objective of long-term surveillance and espionage.

Functionality of the Malware

SesameOp operates in several stages:

  • Command Retrieval: It fetches commands using the OpenAI API, which are then executed by the malware.
  • Result Transmission: After execution, the results are sent back to OpenAI as messages, indicating the completion of tasks.

The DLL is notably obfuscated with a tool known as Eazfuscator.NET, enhancing its stealth capabilities. Its injection into the host executable is achieved through .NET AppDomainManager injection, initiated by a tailored .config file associated with the executable.

OpenAI’s Response to SesameOp

Microsoft shared its findings with OpenAI, leading to the identification and deactivation of a specific API key and account utilized by the attackers. This incident underscores the ongoing misuse of legitimate tools for malicious endeavors, enabling perpetrators to blend in with typical network activities and evade security measures.

Conclusion

The SesameOp backdoor highlights an evolving threat landscape where cybercriminals exploit sophisticated technologies for nefarious purposes. As organizations confront such advanced threats, the importance of robust security strategies and adaptive responses becomes increasingly critical.

Related Posts

Habitat for Humanity Hosts Rural Community Rally

Habitat for Humanity Hosts Rural Community Rally

Basio badr 4 Nov 2025

Hopkinton Update: No Local Voting on Tuesday, Nov. 4

Hopkinton Update: No Local Voting on Tuesday, Nov. 4

Basio badr 4 Nov 2025

Jimmy Carter Instilled the Value of Lifelong Work in Me

Jimmy Carter Instilled the Value of Lifelong Work in Me

Basio badr 4 Nov 2025

‘Sopranos’ Star Was Original Choice for ‘Bad Santa’ Role

‘Sopranos’ Star Was Original Choice for ‘Bad Santa’ Role

Basio badr 4 Nov 2025

Essential Voting Information for DeKalb County Residents

Essential Voting Information for DeKalb County Residents

Basio badr 4 Nov 2025

Court Denies Trump’s Federal Elections and Voter Registration Control Attempt

Court Denies Trump’s Federal Elections and Voter Regist...

Basio badr 4 Nov 2025