New Malware Exploits OpenAI Assistants API for Stealthy Command and Control

Unveiling SesameOp: A Sophisticated Backdoor Threat

In a recent cybersecurity investigation, Microsoft’s Detection and Response Team (DART) uncovered a novel malware strain dubbed SesameOp. This backdoor malware leverages the OpenAI Assistants API to establish a covert command and control (C2) channel, enabling attackers to maintain persistent access to compromised systems without raising immediate suspicion.

How SesameOp Operates: Using Legitimate Cloud Services for Malicious Control

Unlike traditional malware that depends on malicious infrastructure-often vulnerable to detection and takedown-SesameOp cleverly abuses legitimate cloud services. By utilizing the OpenAI Assistants API, the attackers remotely controlled infected devices for several months, effectively masking their activities within trusted network traffic.

The malware encodes commands in encrypted and compressed formats, which are stored and relayed through the API. Once retrieved, these commands are decrypted and executed on the target machines. Data exfiltrated during the attack is similarly encrypted using a hybrid of symmetric and asymmetric cryptography before being sent back via the same API channel.

Technical Insights: Attack Chain and Persistence Mechanisms

DART’s analysis revealed that SesameOp’s infection chain includes a heavily obfuscated backdoor combined with a .NET loader. This loader exploits the .NET AppDomainManager injection technique, targeting multiple Microsoft Visual Studio utilities. This approach allows the malware to embed itself deeply within the system, establishing long-term persistence through carefully crafted malicious processes designed for ongoing espionage.

Misuse of OpenAI API Features, Not a Platform Vulnerability

Microsoft emphasizes that SesameOp does not exploit any inherent vulnerabilities in the OpenAI platform. Instead, it takes advantage of legitimate functionalities within the Assistants API, which is scheduled for deprecation in August 2026. In collaboration with OpenAI, Microsoft swiftly identified and disabled the compromised API keys and accounts used by the attackers, mitigating further abuse.

Recommendations for Security Teams to Counter SesameOp

To defend against this emerging threat, Microsoft advises organizations to:

• Conduct thorough audits of firewall and network logs to detect unusual API traffic patterns.
• Enable tamper detection mechanisms to prevent unauthorized modifications to security configurations.
• Configure endpoint detection and response (EDR) tools in block mode to halt suspicious activities.
• Monitor and restrict unauthorized external connections, especially those involving cloud service APIs.

Enhancing Secrets Management: A Proactive Security Approach

Effective secrets management is critical in preventing similar attacks. Microsoft offers a comprehensive Secrets Security Cheatsheet designed to help teams establish robust security practices-from cleaning up legacy keys to implementing guardrails for AI-generated code. This resource simplifies the complexities of secrets management, empowering organizations to maintain control over sensitive credentials.

Download the Secrets Security Cheatsheet to strengthen your security posture and reduce risks associated with credential sprawl and misuse.