Microsoft Reports SesameOp Malware Exploiting OpenAI Assistants API in Attacks
Microsoft security analysts have uncovered a sophisticated backdoor known as SesameOp. The malware abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. It was identified by Microsoft's Detection and Response Team (DART) during an investigation into a cyberattack that occurred in July 2025.
Details of SesameOp Malware
The SesameOp malware grants attackers persistent access to compromised systems, enabling them to manage infected devices remotely. Unlike traditional malware, which may rely on dedicated malicious infrastructure, SesameOp leverages legitimate cloud services to avoid detection.
Malware Operation
According to Microsoft’s Incident Response team, SesameOp uses the OpenAI Assistants API as both a storage and relay mechanism. This allows it to fetch encrypted commands, which the malware then decrypts and executes on infected systems.
- The malware architecture includes a heavily obfuscated loader.
- It deploys a .NET-based backdoor through .NET AppDomainManager injection.
- Persistence is established using internal web shells and strategically positioned malicious processes.
 
Data Security Measures
Data harvested during these attacks is encrypted using both symmetric and asymmetric encryption. The information is sent back through the same API channel that the malware utilizes for communication.
OpenAI API Misuse
It is important to note that SesameOp does not exploit any vulnerabilities in OpenAI’s platform but rather misuses existing capabilities of the Assistants API, which is set for deprecation in August 2026. Microsoft, in collaboration with OpenAI, has worked to disable the compromised account and API key used during the attacks.
Recommendations for Mitigation
To counter the SesameOp malware threat, Microsoft recommends several proactive measures:
- Audit firewall logs regularly.
- Enable tamper protection.
- Configure endpoint detection systems to operate in block mode.
- Monitor for unauthorized connections to external services.
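
One way to carry out the log audit and connection monitoring recommended above, as an added example (not code from Microsoft or the original article): it flags host and process pairs that contact api.openai.com without being on an approved list. The log format, host names, process names and allowlist are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

WATCHED_DOMAIN = "api.openai.com"
# Assumption: (host, process) pairs your organisation has approved to call the API.
APPROVED = {("dev-ws-01", "python.exe")}

# Constructed sample log, not data from the incident.
# Fields: timestamp, source host, process, destination host, bytes sent
SAMPLE_LOG = """\
2025-07-14T09:00:02Z,dev-ws-01,python.exe,api.openai.com,2048
2025-07-14T09:05:10Z,srv-build-02,unexpected-tool.exe,api.openai.com,512
2025-07-14T09:06:00Z,srv-build-02,unexpected-tool.exe,updates.example.org,300
2025-07-14T09:35:11Z,srv-build-02,Unexpected-Tool.exe,API.OPENAI.COM.,640
this line is malformed
2025-07-14T10:05:09Z,srv-build-02,unexpected-tool.exe,api.openai.com,90112
2025-07-14T10:10:00Z,dev-ws-01,python.exe,api.openai.com,1024
"""

def audit(log_text, approved=APPROVED, domain=WATCHED_DOMAIN):
    """Summarise connections to `domain` from (host, process) pairs not in `approved`."""
    stats = defaultdict(lambda: {"count": 0, "bytes_out": 0, "first": None, "last": None})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5 or not row[4].strip().isdigit():
            continue  # skip malformed lines rather than abort the audit
        ts, host, proc, dest, sent = (field.strip() for field in row)
        # Normalise case and a trailing dot so variants of the name still match
        if dest.lower().rstrip(".") != domain:
            continue
        key = (host.lower(), proc.lower())
        if key in approved:
            continue
        s = stats[key]
        s["count"] += 1
        s["bytes_out"] += int(sent)
        # ISO 8601 UTC timestamps sort correctly as strings
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return [{"host": h, "process": p, **s} for (h, p), s in sorted(stats.items())]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Each finding is a lead for review, not a verdict: an unapproved pair may simply be a legitimate user who has not been added to the allowlist yet.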
 
As security teams adapt to the integration of LLMs with tools and data through standards like the Model Context Protocol (MCP), they are urged to implement best practices to safeguard these emerging services.