DeepLocker is an AI (Artificial Intelligence) highly targeted and evasive malware. The malware is dormant until it finds a specific target which is determined through multiple factors such as geolocation, voice recognition, facial recognition, and potentially extracted data from online trackers, along with social media. Once a target is chosen, DeepLocker’s DNN (Deep Neutral Network) model will stipulate trigger conditions to execute a payload, however if the conditions are not met and the target isn’t found, DeepLocker remains locked up. According to researchers, “finding a target, triggering a key, and executing a payload may bring to mind an ‘if this, then that’ programming model. However, the DNN AI-model is far more convoluted and difficult to decipher.” Researchers have released a PoC which demonstrated the WannaCry malware hidden in a video conference application. DeepLocker was not detected by sandboxing or AV engines. Following this, the malware was trained for facial recognition of an individual that was selected for the test. Once the face was recognized, the ransomware executed its payload. This style of attack has not been actively used in the wild yet.
