PROBABLYPWNED
Threat Intelligence | March 19, 2026 | 4 min read

APT36 Floods Indian Government Networks With AI-Generated Malware

Pakistan-linked APT36 uses LLM coding tools to mass-produce malware variants in Nim, Zig, and Crystal, targeting Indian government and embassies.

Alex Kowalski

Pakistan-linked threat group APT36 has industrialized its malware development, using AI coding tools to generate thousands of variants designed to overwhelm detection systems through sheer volume rather than technical sophistication.

Bitdefender researchers documented the campaign, which they attribute with medium-to-high confidence to Transparent Tribe (APT36), a state-sponsored group historically focused on Indian government targets. The approach represents a shift from crafting carefully evasive implants to flooding defenders with disposable malware - what researchers call "Distributed Denial of Detection."

How Vibeware Works

The "vibeware" strategy relies on large language models and AI-powered development tools to rapidly rewrite malicious logic across multiple programming languages. APT36 generates new malware variants almost daily, producing implants in lesser-known languages including Nim, Zig, and Crystal alongside more common choices like Rust and Go.

The choice of obscure languages is deliberate. Binaries compiled from Nim, Zig, or Crystal carry runtime artifacts that few signature sets cover, and fewer analysts can read them quickly. By pairing AI-assisted development with niche language selection, APT36 collapses the expertise gap that would traditionally limit how many languages a single team could ship malware in. The trade-off cuts both ways: whatever the language, an implant still has to drop files, start processes, and talk to its C2 channel, which is why the defensive advice later in this article leans on behavior rather than signatures.

The strategy bets that even if defenders catch some variants, the volume ensures others slip through. It's quantity over quality, enabled by automation.

The Malware Families

Bitdefender documented an extensive toolkit deployed in these campaigns:

Command and Control

  • CrystalShell (Crystal): Uses Discord channel IDs for C2, with variants supporting Slack
  • ZigShell (Zig): Slack primary C2 with file upload/download capabilities
  • SupaServ (Rust): Uses Supabase as primary channel with Firebase fallback
  • LuminousStealer (Rust): Exfiltrates data through Firebase and Google Drive
  • LuminousCookies (Rust): Targets Chromium browser data, bypassing app-bound encryption

Deployment Tools

  • Warcode (Crystal): Reflective Havoc agent loader
  • NimShellcodeLoader: Deploys Cobalt Strike beacons
  • ZigLoader: Shellcode decryption and execution

The use of legitimate services like Google Sheets, Google Drive, Slack, Discord, Supabase, and Firebase for command-and-control and exfiltration mirrors techniques we've seen from other threat actors abusing trusted platforms. The traffic is TLS to well-known domains that most organizations already allow, so it blends with normal enterprise communications and is rarely blocked outright.

Who Gets Targeted

Primary targets include Indian government organizations connected to military, diplomacy, and strategic policy operations. APT36 also targeted Indian embassies across multiple countries, extending the campaign's geographic scope.

Secondary targets include Afghan government entities and private businesses in the region. The targeting aligns with long-documented Pakistan-India geopolitical tensions that drive APT36's mission.

Attackers use LinkedIn to identify high-value victims before launching spear-phishing operations. Infection chains typically begin with phishing emails carrying Windows shortcut (.lnk) files inside ZIP or ISO archives, or PDF lures whose "Download Document" button redirects to attacker infrastructure that serves the payload.
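A mail-gateway check for the archive-borne shortcut lure described above, written as an added example for this article (it is not Bitdefender's tooling or anything recovered from the campaign). It identifies .lnk files by their Shell Link header rather than by extension, walks nested ZIPs, and flags disk images by name since this example does not parse ISO 9660. The sample archives and file names are constructed here and are not indicators from the report.

```python
"""Triage an e-mail attachment for the ZIP/ISO-wrapped Windows shortcut lure.

Added example for this article, not Bitdefender's or APT36's code. The sample
archives built below are constructed in memory, not real lures."""
import io
import zipfile

# Windows Shell Link (.lnk) header: HeaderSize 0x0000004C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046, both little-endian on disk.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
# Container formats Windows mounts or opens with a single double-click.
DISK_IMAGE_EXTS = (".iso", ".img", ".vhd", ".vhdx")


def is_lnk(data: bytes) -> bool:
    """True if the bytes start with the Shell Link header, whatever the name."""
    return data[:20] == LNK_MAGIC


def triage_zip(blob: bytes, depth: int = 0, max_depth: int = 3) -> list:
    """Return (path, reason) findings for a ZIP blob.

    Walks nested ZIPs up to max_depth, flags shortcuts by content (double
    extensions such as Brief.pdf.lnk are caught regardless of the name) and
    flags disk images carried inside the archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return [("<root>", "not a valid ZIP")]
    findings = []
    for info in zf.infolist():
        if info.is_dir():
            continue
        name = info.filename
        lower = name.lower()
        data = zf.read(info)
        if is_lnk(data):
            findings.append((name, "Windows shortcut (Shell Link header)"))
        elif lower.endswith(".lnk"):
            findings.append((name, ".lnk extension without Shell Link header"))
        if lower.endswith(DISK_IMAGE_EXTS):
            findings.append((name, "disk image inside archive"))
        if lower.endswith(".zip") and depth < max_depth:
            for path, reason in triage_zip(data, depth + 1, max_depth):
                findings.append((f"{name}/{path}", reason))
    return findings


def triage_attachment(filename: str, blob: bytes) -> list:
    """Gateway entry point: disk images are flagged on name alone (this
    example does not parse ISO 9660); ZIPs are walked entry by entry."""
    lower = filename.lower()
    if lower.endswith(DISK_IMAGE_EXTS):
        return [(filename, "disk image attachment")]
    if lower.endswith(".zip") or blob[:2] == b"PK":
        return [(f"{filename}/{p}", r) for p, r in triage_zip(blob)]
    return []


def verdict(findings: list) -> str:
    return "quarantine" if findings else "deliver"


def build_sample_lure(nested: bool = False) -> bytes:
    """Constructed sample (not a real APT36 artifact): a shortcut named to look
    like a PDF beside a decoy PDF, optionally wrapped in a second ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # A valid 76-byte Shell Link header with the rest zeroed out.
        zf.writestr("Ministry_Brief.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("README.pdf", b"%PDF-1.4\n% decoy\n")
    inner = buf.getvalue()
    if not nested:
        return inner
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("Documents.zip", inner)
    return outer.getvalue()


def build_clean_sample() -> bytes:
    """Constructed benign archive: a single PDF, no shortcut."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Agenda.pdf", b"%PDF-1.4\n% benign\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("lure", build_sample_lure(nested=True)),
                        ("clean", build_clean_sample())):
        findings = triage_attachment(f"{label}.zip", blob)
        for path, reason in findings:
            print(f"{path}: {reason}")
        print(f"{label}: {verdict(findings)}")
```

Matching on the header rather than the extension matters because Explorer hides the .lnk suffix by default, so the victim sees "Ministry_Brief.pdf" while the gateway sees the real file type.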

Attribution Confidence

Researchers link this campaign to APT36 based on:

  • Consistent targeting patterns aligned with Pakistan-India geopolitical interests
  • Infrastructure overlap with previously documented Transparent Tribe campaigns
  • Malware families (SHEETCREEP, MAILCREEP) detailed by Zscaler ThreatLabz in January 2026

The medium-to-high confidence attribution reflects strong circumstantial evidence without definitive technical proof directly linking operations to Pakistani government handlers.

Why AI-Assisted Malware Matters

The vibeware approach breaks the assumption that a signature written today will still match tomorrow's sample. Behavioral analytics in modern endpoint products hold up better, since each new variant must still perform the same actions on the host, but the sheer volume of variants still forces security teams into constant triage mode.

Bitdefender warns this represents "industrialization" rather than technical advancement. APT36 isn't building more sophisticated implants - they're building more implants, faster.

This pattern echoes concerns we've raised about AI-generated malware in criminal operations. The barrier to producing malware variants continues to drop, even for actors without deep development expertise.

Defensive Recommendations

Organizations in APT36's target profile should:

  1. Enhance behavioral detection - Signature-based approaches will consistently lag behind variant production
  2. Monitor for C2 abuse - Watch for unusual traffic patterns to legitimate services like Google Sheets, Google Drive, Discord, Slack, Supabase, and Firebase, especially regular machine-paced requests from hosts with no business reason to use them
  3. Strengthen email security - Block ISO and other disk-image attachments; where ZIP cannot be blocked outright, quarantine archives that contain Windows shortcut (.lnk) files; and scrutinize PDF "Download Document" links that resolve to external infrastructure
  4. LinkedIn awareness - Train employees to recognize reconnaissance attempts through social platforms
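The following detection logic serves both the C2-over-SaaS observation earlier in the article and recommendation 2: it groups proxy log lines by (source host, platform) and flags pairs whose request intervals are too regular for a human. It is an added example for this article, not Bitdefender's or any vendor's detection content. The log lines are constructed, the thresholds (at least six events, coefficient of variation at most 0.15) are illustrative assumptions, and the domain list is the platforms' public domains, not indicators from the report.

```python
"""Flag beacon-like traffic to the SaaS platforms this campaign abuses for C2.

Added example for this article, not Bitdefender's tooling. The proxy lines are
constructed; the hostnames are the platforms' public domains, not IOCs."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Platforms the article names as C2/exfil channels. Matching on the registrable
# domain suffix catches API and regional subdomains (app.slack.com, x.supabase.co).
WATCHLIST = {
    "discord.com": "Discord",
    "discordapp.com": "Discord",
    "slack.com": "Slack",
    "supabase.co": "Supabase",
    "firebaseio.com": "Firebase",
    "googleapis.com": "Google APIs (Sheets/Drive)",
}

# Assumed proxy log shape: "<iso8601> src=<ip> dst=<host> path=<url-path>".
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) path=(?P<path>\S+)")


def platform_for(host: str):
    """Map a destination host to a watched platform name, or None."""
    host = host.lower().rstrip(".")
    for suffix, name in WATCHLIST.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    return None


def parse(lines):
    """Yield (timestamp, src, dst, path) tuples; skip lines that do not match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append((ts, m["src"], m["dst"], m["path"]))
    return events


def find_beacons(lines, min_events=6, max_cv=0.15):
    """Group requests by (src, platform) and alert when the inter-request
    intervals are nearly constant: pstdev/mean <= max_cv. Human use of Slack or
    Discord is bursty; a polling implant is metronomic, jitter or not."""
    by_pair = defaultdict(list)
    for ts, src, dst, _path in parse(lines):
        name = platform_for(dst)
        if name:
            by_pair[(src, name)].append(ts)
    alerts = []
    for (src, name), stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            alerts.append({"src": src, "platform": name, "events": len(stamps),
                           "mean_interval_s": round(mean, 1), "cv": round(cv, 3)})
    return alerts


def sample_log():
    """Constructed proxy lines: one host polling Discord's message endpoint
    roughly every 60 s (a beacon) and one person using Slack at irregular,
    human-paced intervals."""
    lines = []
    for off in (0, 61, 119, 181, 240, 302, 359, 420):
        ts = f"2026-03-19T09:{off // 60:02d}:{off % 60:02d}Z"
        lines.append(f"{ts} src=10.20.30.41 dst=discord.com "
                     f"path=/api/v10/channels/000/messages")
    for hhmmss in ("09:03:12", "09:03:40", "09:11:05", "09:28:51", "09:29:02", "09:47:30"):
        lines.append(f"2026-03-19T{hhmmss}Z src=10.20.30.77 dst=app.slack.com "
                     f"path=/api/conversations.history")
    return lines


if __name__ == "__main__":
    for alert in find_beacons(sample_log()):
        print(alert)
```

In production the (src, platform) key would be joined with an asset inventory so that a workstation in a ministry with no Discord business use scores higher than a developer host that legitimately calls Supabase; the interval statistic alone is the cheap first pass.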

For organizations tracking threat actors using specific IP ranges, PortSix provides enrichment capabilities for suspicious infrastructure indicators.

Understanding social engineering fundamentals remains critical - regardless of how malware is produced, initial access still typically requires tricking humans into executing something they shouldn't.
