SesameOp Backdoor Uses OpenAI API for C2 Communications

Microsoft researchers discovered SesameOp, a new backdoor malware using the OpenAI Assistants API for command-and-control. The malware, found in July 2025, allowed attackers to maintain long-term persistence for espionage. It used a heavily obfuscated loader and a .NET-based backdoor, leveraging legitimate cloud services to avoid detection. Microsoft and OpenAI collaborated to disable the misused API key and account.

Latest mentioned: 11-03

Earliest mentioned: 11-03

Sources

microsoft.com bleepingcomputer.com

Also Read

Threat Actors Use JSON Services for Malware Delivery

Threat actors have updated their tactics by using JSON storage services to host and deliver malware. The campaign involves targeting software developers through professional networking sites, instructing them to download trojanized code projects. These projects contain Base64-encoded values that lead to JSON storage services, where the next-stage payload, a JavaScript malware known as BeaverTail, is stored. BeaverTail harvests sensitive data and drops a Python backdoor called InvisibleFerret, which fetches additional payloads. The campaign's success underscores the actors' ability to operate stealthily and blend in with normal traffic.

11-15Read more →