LameHug is a newly identified Python-based infostealer linked to the Russian state-sponsored group APT28 (aka Fancy Bear/Sofacy). Discovered in mid-2025 by Ukraine’s CERT, it represents the first publicly documented case of malware operationally integrating a Large Language Model (LLM) to assist with attacker tasks.
APT28, long known for custom malware and spear-phishing operations, deployed LameHug in a campaign targeting Ukrainian government agencies amid the ongoing Russo-Ukrainian conflict. The malware’s integration of real-time AI-generated commands allows it to adapt to the target environment without updating the binary, a major shift in attacker tradecraft.
The campaign began with spear-phishing emails sent from a compromised Ukrainian ministry account, targeting security and defense sector entities. Disguised as official correspondence, the messages contained a ZIP archive named Appendix.pdf.zip (or Dodatok.pdf.zip in Ukrainian).
Inside was a .pif executable, a legacy Windows program-information file type displayed with a PDF icon, packaged with PyInstaller and containing the LameHug payload. This double-extension masquerade (MITRE T1036) and the use of a legitimate hijacked account (MITRE T1586) align with APT28’s established phishing methods.
When executed, the payload ran Python-based code in memory (MITRE T1059.006). No persistence mechanisms were observed; instead, LameHug performed a rapid “smash-and-grab” collection before exiting, consistent with espionage-driven objectives focused on quick exfiltration.
LameHug’s defining feature is its use of a cloud-hosted LLM, specifically Alibaba Cloud’s Qwen 2.5-Coder-32B-Instruct accessed via Hugging Face’s API, to generate malicious commands dynamically at runtime.
Base64-encoded prompts (e.g., “gather system information”) are decoded and sent over HTTPS to the model.
The model returns concise Windows command chains, often combining native utilities like systeminfo, wmic, tasklist, netstat, ipconfig, and dsquery for reconnaissance, or commands to recursively copy targeted documents into %ProgramData%\info\.
This on-demand command generation:
Analysts highlight that unusual outbound calls to AI/ML APIs from endpoints may serve as an early detection heuristic.
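The detection heuristic mentioned above can be tried against proxy telemetry with a few lines of Python. The script below is an added example, not code from the article or from any vendor's tooling: it parses constructed proxy log lines, flags non-baseline endpoints that POST to hosted LLM inference APIs, and groups the hits by source host and process. The log format, the domain watch list (Hugging Face is the service named in the article; the other entries are illustrative), the baseline host list and the process name `document.pif` are all assumptions for the example.

```python
"""
Flag endpoints that make outbound calls to hosted AI/ML inference APIs.

Added example (not from the original article). It applies the heuristic
"unusual outbound calls to AI/ML APIs from endpoints" to constructed proxy
log lines. Domain list, log format and the baseline of hosts expected to
use AI APIs are assumptions and should be replaced with local values.
"""
import re
from collections import defaultdict

# Assumed watch list of hosted LLM inference endpoints. Hugging Face is the
# service named in the article; the other entries are illustrative.
AI_API_DOMAINS = {
    "api-inference.huggingface.co",
    "huggingface.co",
    "api.openai.com",
    "dashscope.aliyuncs.com",
}

# Assumed baseline: hosts known to use AI tooling legitimately (e.g. developers).
BASELINE_AI_USERS = {"dev-ws-07"}

# Constructed log format:
# "<ts> <src_host> <process> <method> <dest_host> <path> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<proc>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<dest>\S+)\s+(?P<path>\S+)\s+(?P<status>\d{3})$"
)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_ai_api_host(host):
    """True if host is a watched AI API domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in AI_API_DOMAINS)


def find_suspicious_ai_calls(lines):
    """Group POSTs to AI inference APIs from non-baseline hosts by (host, process)."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["src"] in BASELINE_AI_USERS:
            continue
        if ev["method"] == "POST" and is_ai_api_host(ev["dest"]):
            hits[(ev["src"], ev["proc"])].append(ev)
    return dict(hits)


def format_alerts(hits):
    """Render one alert line per (host, process) pair for a SOC queue."""
    return [
        f"ALERT host={src} process={proc} ai_api_posts={len(evs)} "
        f"first_seen={evs[0]['ts']} dest={evs[0]['dest']}"
        for (src, proc), evs in sorted(hits.items())
    ]


# Constructed sample log lines (not real telemetry). "document.pif" stands in
# for the unnamed .pif dropper; the model path mirrors the article's model name.
SAMPLE_LOG = [
    "2025-07-10T09:14:02Z fin-ws-12 document.pif POST api-inference.huggingface.co "
    "/models/Qwen/Qwen2.5-Coder-32B-Instruct 200",
    "2025-07-10T09:14:03Z fin-ws-12 document.pif POST api-inference.huggingface.co "
    "/models/Qwen/Qwen2.5-Coder-32B-Instruct 200",
    "2025-07-10T09:15:11Z fin-ws-12 chrome.exe GET www.example.gov.ua /news 200",
    "2025-07-10T09:16:40Z dev-ws-07 python.exe POST api-inference.huggingface.co /models/some-model 200",
    "2025-07-10T09:17:05Z hr-ws-03 outlook.exe GET outlook.office365.com /owa 200",
]

if __name__ == "__main__":
    for alert in format_alerts(find_suspicious_ai_calls(SAMPLE_LOG)):
        print(alert)
```

The developer workstation is skipped because it is on the baseline list, and the single `GET` from a browser is ignored; only the repeated `POST` traffic from an unfamiliar process on a finance workstation is raised. In practice the baseline would be learned from historical traffic rather than hard-coded, and the process name alone should not be trusted since it is attacker-controlled.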
Once executed, LameHug follows a structured reconnaissance-to-exfiltration workflow, directed by its AI-generated command chains.
LameHug first collects detailed host and network intelligence:
Results are saved to info.txt in %ProgramData%\info\.
The malware searches Desktop, Documents, and Downloads for Office, PDF, and TXT files, copying them into %ProgramData%\info\ (T1083, T1005).
Staging data here (T1074) conceals the activity and simplifies later exfiltration.
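The staging behaviour described above (info.txt plus a burst of copied documents under %ProgramData%\info\) is a pattern that file-creation telemetry can catch. The script below is an added example, not code from the article: it runs over constructed Sysmon-style file-create records and alerts on any process that both writes info.txt in the staging folder and creates several document files there within a short window. The expanded path C:\ProgramData\info, the document count threshold, the time window and the process names in the sample events are assumptions.

```python
"""
Detect the LameHug-style staging pattern from file-create events.

Added example, not code from the original article. Event records imitate a
Sysmon FileCreate event (time, image, target filename) but are constructed
for this example; the thresholds, window and expanded path are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

STAGING_DIR = r"C:\ProgramData\info"   # assumed expansion of %ProgramData%\info\
DOC_SUFFIXES = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt"}
MIN_DOCS = 5                           # assumed: documents needed to call it a burst
WINDOW = timedelta(minutes=5)          # assumed: burst window


def in_staging_dir(path):
    """Case-insensitive check that path lies beneath the staging directory."""
    return str(PureWindowsPath(path)).lower().startswith(STAGING_DIR.lower() + "\\")


def parse_event(ev):
    """ev: dict with 'time' (ISO 8601), 'image' (process path), 'target' (file path)."""
    return {
        "time": datetime.fromisoformat(ev["time"]),
        "image": ev["image"],
        "target": PureWindowsPath(ev["target"]),
    }


def has_burst(docs):
    """True if at least MIN_DOCS of the time-sorted events fall inside one WINDOW."""
    for i, first in enumerate(docs):
        inside = [d for d in docs[i:] if d["time"] - first["time"] <= WINDOW]
        if len(inside) >= MIN_DOCS:
            return True
    return False


def detect_staging(events):
    """Return one alert per process that wrote info.txt into the staging
    directory and also created a burst of document files there."""
    by_proc = defaultdict(list)
    for ev in map(parse_event, events):
        if in_staging_dir(ev["target"]):
            by_proc[ev["image"]].append(ev)

    alerts = []
    for image, evs in by_proc.items():
        evs.sort(key=lambda e: e["time"])
        wrote_info = any(e["target"].name.lower() == "info.txt" for e in evs)
        docs = [
            e for e in evs
            if e["target"].suffix.lower() in DOC_SUFFIXES
            and e["target"].name.lower() != "info.txt"
        ]
        if wrote_info and has_burst(docs):
            alerts.append({"image": image, "doc_count": len(docs),
                           "first_seen": evs[0]["time"].isoformat()})
    return alerts


# Constructed sample events (not real telemetry). "document.pif" stands in for
# the unnamed dropper; backup.exe shows a benign single write to the same folder.
_DROPPER = r"C:\Users\alice\AppData\Local\Temp\document.pif"
SAMPLE_EVENTS = [
    {"time": "2025-07-10T09:14:05", "image": _DROPPER, "target": r"C:\ProgramData\info\info.txt"},
    {"time": "2025-07-10T09:14:06", "image": _DROPPER, "target": r"C:\ProgramData\info\budget.xlsx"},
    {"time": "2025-07-10T09:14:06", "image": _DROPPER, "target": r"C:\ProgramData\info\memo.docx"},
    {"time": "2025-07-10T09:14:07", "image": _DROPPER, "target": r"C:\ProgramData\info\plan.pdf"},
    {"time": "2025-07-10T09:14:07", "image": _DROPPER, "target": r"C:\ProgramData\info\notes.txt"},
    {"time": "2025-07-10T09:14:08", "image": _DROPPER, "target": r"C:\ProgramData\info\slides.pptx"},
    {"time": "2025-07-10T09:14:09", "image": _DROPPER, "target": r"C:\ProgramData\info\contract.doc"},
    {"time": "2025-07-10T09:20:00", "image": r"C:\Windows\explorer.exe", "target": r"C:\Users\alice\Documents\notes.txt"},
    {"time": "2025-07-10T09:25:00", "image": r"C:\Program Files\Backup\backup.exe", "target": r"C:\ProgramData\info\report.pdf"},
]

if __name__ == "__main__":
    for alert in detect_staging(SAMPLE_EVENTS):
        print(alert)
```

Requiring both signals (the info.txt marker and the document burst) keeps a lone write by a backup tool from firing, while the short window matches the smash-and-grab timing the article describes. The folder name is easy for an attacker to change, so the burst-of-documents-into-ProgramData logic is the more durable half of the rule.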
Two methods have been observed:
APT28’s use of hijacked and legitimate infrastructure makes malicious traffic harder to distinguish from normal activity.
The LameHug campaign represents a milestone in APT28’s evolution, and potentially in malware development overall, as the first publicly reported case of operational integration between an AI language model and live malware command execution.
By offloading command logic to a cloud-hosted model, operators can adapt tasks mid-operation without deploying a new payload. This capability enables rapid adjustment to defensive changes and target specifics. Analysts note this may signal a shift toward fully adaptive campaigns.
Later variants added deception layers, one posing as an AI image generator that made legitimate NSFW image requests while executing standard LameHug routines in the background. This tactic blended social engineering with AI-driven automation to mask malicious behavior.
While current MITRE ATT&CK mappings cover LameHug’s techniques, such as third-party service abuse for C2 (T1102) and living-off-the-land discovery, AI-assisted execution may require new sub-techniques to capture the nuance of dynamic, model-generated commands.
In 2025, APT28 retained its proven spear phishing, trusted account compromise, and legitimate infrastructure abuse, but LameHug’s LLM integration represents a leap in operational agility.
By merging established TTPs with generative AI, APT28 has demonstrated how state-backed actors can refine tradecraft to evade detection and adapt in real time, challenging defenders to anticipate and counter AI-assisted intrusions.
The Picus Security Validation Platform safely simulates LameHug InfoStealer’s techniques using its continuously updated Threat Library, identifying blind spots across EDRs, NGFWs, and SIEMs before attackers can exploit them.
You can also test your defenses against hundreds of other infostealer variants, such as Lumma Stealer, Atomic Stealer, and Raven Stealer, within minutes with a 14-day free trial of the Picus Platform.
| Threat ID | Threat Name | Attack Module |
|---|---|---|
| 61063 | LameHug Malware Dropper Download Threat | Network Infiltration |
| 73135 | LameHug Malware Dropper Email Threat | E-mail Infiltration |
| 96178 | LameHug Infostealer Download Threat | Network Infiltration |
| 88347 | LameHug Infostealer Email Threat | E-mail Infiltration |