{"id":224455,"date":"2025-11-04T01:15:14","date_gmt":"2025-11-04T07:15:14","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/11\/microsoft-sesameop-malware-abuses-openai-assistants-api-in-attacks"},"modified":"2025-11-04T01:15:14","modified_gmt":"2025-11-04T07:15:14","slug":"microsoft-sesameop-malware-abuses-openai-assistants-api-in-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/11\/microsoft-sesameop-malware-abuses-openai-assistants-api-in-attacks","title":{"rendered":"Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/microsoft-sesameop-malware-abuses-openai-assistants-api-in-attacks.jpg\"><\/a><\/p>\n<p>Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel.<\/p>\n<p>The company\u2019s Detection and Response Team (DART) discovered the new malware, named SesameOp, during an investigation into a July 2025 cyberattack, which revealed that the malware allowed attackers to gain persistent access to the compromised environment.<\/p>\n<p>Deploying this malware also enabled the threat actors to remotely manage backdoored devices for several months by leveraging legitimate cloud services, rather than relying on dedicated malicious infrastructure that could alert victims to an attack and be taken down during subsequent incident response.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. The company\u2019s Detection and Response Team (DART) discovered the new malware, named SesameOp, during an investigation into a July 2025 cyberattack, which revealed that the malware allowed attackers to gain persistent access to the compromised [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,6],"tags":[],"class_list":["post-224455","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-robotics-ai"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/224455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=224455"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/224455\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=224455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=224455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=224455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}