New Cyber Threat Alert: Hackers Exploit OpenAI API to Craft Stealthy Backdoor Malware
2025-11-04 / Read about 0 minute
Author:小编   

Microsoft's dedicated security research team has raised the alarm about an emerging malware strain dubbed 'SesameOp.' Initially detected in July 2025, this malicious software ingeniously leverages OpenAI's Assistants API as a clandestine conduit for cyberattacks. By utilizing the API as a stealthy command-and-control channel, it can transmit encrypted instructions and siphon off stolen data, thereby establishing a hidden communication network.

To maintain its covert presence, 'SesameOp' employs sophisticated dual encryption and compression techniques, coupled with advanced injection methods, ensuring long-term stealth and evasion. Notably, this attack did not capitalize on any security loopholes within OpenAI's infrastructure.

In response to this threat, Microsoft has worked closely with OpenAI to revoke access for the implicated accounts and API keys. Furthermore, they have announced plans to decommission the exploited API by August 2026. To mitigate the risk of such attacks, Microsoft urges corporate security teams to bolster their cybersecurity defenses. This includes implementing robust log auditing, closely monitoring network connections, and activating tamper-resistant protections to safeguard against similar malicious incursions.