Recently, the Microsoft Security Research Team (DART) issued a warning that a new type of malware called "SesameOp" is using OpenAI's Assistants API for cyberattacks. The innovation of this malware lies in using this legitimate cloud service as a covert command and control (C2) channel, allowing attackers to gain persistent access to victims' systems silently.

According to Microsoft's investigation, SesameOp was first discovered in a cyberattack in July 2025. This malware uses OpenAI's Assistants API as a storage and relay platform to send compressed and encrypted malicious commands to infected systems. After receiving the commands, the malware decrypts and executes them, while also stealing information from the system, encrypting it, and returning it to the attacker through the same API channel, forming a complete covert communication chain.
From a technical perspective, SesameOp consists of a loader (Netapi64.dll) and a .NET-based backdoor. To evade security software, the malware layers AES and RSA encryption on top of GZIP compression, which increases its stealth. The attackers also used a technique called .NET AppDomainManager injection, which hijacks the loading process of a .NET application to execute malicious code, allowing the implant to remain dormant for long periods.
Microsoft stated that this attack did not exploit security vulnerabilities in the OpenAI platform but rather abused the built-in features of the Assistants API. After discovering this threat, Microsoft quickly collaborated with OpenAI to block the accounts and API keys used by the attackers. In addition, Microsoft plans to deprecate the abused Assistants API in August 2026.
To address the risks posed by SesameOp, Microsoft advises enterprise security teams to take a series of measures, including strictly auditing firewall logs, monitoring for unauthorized external connections, and enabling tamper protection on devices. Enterprises should also configure endpoint detection and response (EDR) systems in interception mode so that malicious activity is actively blocked rather than only logged.
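One way to act on the firewall-log and unauthorized-connection advice above, as an added example that is not part of Microsoft's guidance: it assumes a simple constructed log format and an assumed allowlist of hosts approved to use the OpenAI API, flags any other host that contacts the API, and notes whether those contacts arrive at a near-constant interval, as a relay-polling implant would.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample outbound-connection log (not from the Microsoft report).
# Assumed format: "<ISO timestamp> <source host> <destination FQDN> <port> <bytes out>"
SAMPLE_LOG = """\
2025-07-14T09:00:00Z WKS-042 api.openai.com 443 1204
2025-07-14T09:00:05Z WKS-042 api.openai.com 443 980
2025-07-14T09:10:00Z WKS-042 api.openai.com 443 1311
2025-07-14T09:20:00Z WKS-042 api.openai.com 443 1198
2025-07-14T09:30:00Z WKS-042 api.openai.com 443 1402
2025-07-14T09:03:12Z DEV-007 api.openai.com 443 5521
2025-07-14T09:12:01Z WKS-042 update.microsoft.com 443 34000
"""

# Assumed inventory: hosts that legitimately talk to the OpenAI API (e.g. developer boxes).
APPROVED_AI_HOSTS = {"DEV-007"}
WATCHED_DOMAINS = {"api.openai.com"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\d+)$")

def parse(log_text):
    """Parse log lines into (timestamp, src, dst, port, bytes) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, port, size = m.groups()
            when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
            events.append((when, src, dst, int(port), int(size)))
    return events

def looks_like_polling(times, min_events=4, tolerance=0.2):
    """True when most gaps between contacts lie within 20% of the median gap: fixed-interval polling."""
    if len(times) < min_events:
        return False
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    median = sorted(gaps)[len(gaps) // 2]
    regular = [g for g in gaps if median and abs(g - median) <= tolerance * median]
    return len(regular) >= min_events - 1

def triage(log_text):
    """Hosts contacting a watched API domain without approval, with contact count and timing verdict."""
    by_host = defaultdict(list)
    for when, src, dst, _, _ in parse(log_text):
        if dst in WATCHED_DOMAINS and src not in APPROVED_AI_HOSTS:
            by_host[src].append(when)
    return {h: {"contacts": len(t), "periodic": looks_like_polling(sorted(t))}
            for h, t in by_host.items()}
```

Hosts on the allowlist are excluded, so the output narrows to the unexpected callers that the article's advice is meant to surface; a periodic verdict is a triage hint, not proof of compromise.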
Key points:
💻 A new type of malware called "SesameOp" has been discovered, using OpenAI Assistants API for covert attacks.
🔒 Attackers use encrypted commands and information return to achieve persistent infiltration and remote control.
🚨 Microsoft advises enterprises to strengthen network security monitoring and take measures to prevent such attacks.
