- SesameOp malware uses OpenAI’s Assistants API as a covert command-and-control channel
- It allows persistent access, runs commands, and exfiltrates data through encrypted API traffic
- Microsoft urges firewall audits, tamper protection, and endpoint detection to mitigate threats
To function properly, malware needs a way to communicate with its “headquarters”, the command-and-control (C2) server. Looking for these suspicious communications is one of the common ways security researchers identify malware, which is why attackers go to great lengths to hide these “conversations” in plain sight.
Recently, security researchers from Microsoft discovered a new piece of malware that uses a creative way of hiding this dialogue: abusing OpenAI’s Assistants API, a programming interface that lets developers integrate OpenAI’s AI “assistant” capabilities into their own applications, products, or services.
“Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised environment,” the Microsoft Incident Response team said in the report. “To do this, a component of the backdoor uses the OpenAI Assistants API as a storage or relay mechanism to fetch commands, which the malware then runs.”
Used for espionage
The malware is named SesameOp, and was discovered in July 2025. It grants its attackers persistent access to the compromised environment, along with the usual backdoor capabilities. All of the information grabbed in the attacks is then encrypted and shipped back through the same API channel.
It is also worth emphasizing that this is not a vulnerability in OpenAI’s platform, but rather a built-in capability of the Assistants API that is being abused. According to BleepingComputer, the API itself is scheduled for deprecation in August 2026 anyway.
“The stealthy nature of SesameOp is consistent with the objective of the attack, which was determined to be long term-persistence for espionage-type purposes,” Microsoft added.
Those worried about potential SesameOp malware attacks should audit their firewall logs, enable tamper protection, and configure endpoint detection in block mode. They should also monitor for unauthorized connections to external services.
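One way to act on the “audit firewall logs” and “monitor for unauthorized connections to external services” advice is to compare outbound connections to the OpenAI API against an allowlist of hosts that have a sanctioned reason to use it, and to highlight sources whose upload volume looks more like exfiltration than a chat request. The following is an added example written for this article, not code from Microsoft’s report or from TechRadar. It assumes a simple one-line-per-connection log format, treats `api.openai.com` as the API destination, and uses a constructed allowlist and constructed log lines; adapt the regex and the allowlist to your own proxy or firewall export.

```python
import re
from collections import defaultdict

# Constructed sample proxy/firewall log lines (not taken from the report).
# Assumed format: "<timestamp> <src_host> <src_ip> -> <dst_host>:<dst_port> <bytes_out>"
SAMPLE_LOGS = """\
2025-07-14T09:01:12Z build-srv-01 10.0.4.15 -> api.openai.com:443 18244
2025-07-14T09:02:40Z dev-ws-07 10.0.9.21 -> api.openai.com:443 2201
2025-07-14T09:03:05Z fileserver-02 10.0.2.8 -> api.openai.com:443 61440
2025-07-14T09:03:09Z fileserver-02 10.0.2.8 -> api.openai.com:443 64512
2025-07-14T09:04:00Z dev-ws-07 10.0.9.21 -> updates.example.net:443 912
2025-07-14T09:05:30Z dc-01 10.0.1.2 -> api.openai.com:443 4096
"""

# Hosts with a sanctioned business reason to call the OpenAI API (assumed allowlist).
ALLOWED_OPENAI_HOSTS = {"dev-ws-07"}

# Destination treated as the OpenAI API endpoint (assumed for this example).
OPENAI_API_HOST = "api.openai.com"

# Upload volume per source above which a finding is marked as a large transfer
# (constructed threshold; tune to your environment's normal API usage).
LARGE_UPLOAD_BYTES = 100_000

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src_host>\S+) (?P<src_ip>\S+) -> "
    r"(?P<dst_host>[^:\s]+):(?P<dst_port>\d+) (?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dst_port"] = int(rec["dst_port"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def find_unauthorized_openai_connections(log_text, allowed_hosts=ALLOWED_OPENAI_HOSTS,
                                         api_host=OPENAI_API_HOST,
                                         large_upload=LARGE_UPLOAD_BYTES):
    """Summarise connections to the API host from sources not on the allowlist.

    Returns {src_host: {"connections": n, "bytes_out": total, "large_upload": bool}}.
    Allowlisted hosts and traffic to other destinations are ignored.
    """
    findings = defaultdict(lambda: {"connections": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst_host"] != api_host:
            continue
        if rec["src_host"] in allowed_hosts:
            continue
        entry = findings[rec["src_host"]]
        entry["connections"] += 1
        entry["bytes_out"] += rec["bytes"]
    for entry in findings.values():
        entry["large_upload"] = entry["bytes_out"] >= large_upload
    return dict(findings)


if __name__ == "__main__":
    for host, info in sorted(find_unauthorized_openai_connections(SAMPLE_LOGS).items(),
                             key=lambda kv: kv[1]["bytes_out"], reverse=True):
        flag = " LARGE UPLOAD" if info["large_upload"] else ""
        print(f"{host}: {info['connections']} connection(s), "
              f"{info['bytes_out']} bytes out{flag}")
```

Because the traffic itself is TLS to a legitimate service, content inspection will not help; the useful signals are which hosts talk to the API at all and how much they send. A file server or domain controller appearing in the output deserves a look even when the byte count is small.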
Via BleepingComputer