OBJECTWIRE


DeepLoad Malware | AI Obfuscation & ClickFix Tactics Bypass Enterprise Defenses

ReliaQuest researchers documented a campaign using LLMs to mass-produce decoy code and ClickFix tricks to execute credential-stealing payloads via the Windows Run box, with no browser download required

Connan Boyle
March 30, 2026 · 6 min read

Security researchers at ReliaQuest published a technical alert on Monday, March 30, 2026, regarding a sophisticated new malware campaign dubbed "DeepLoad." The threat is notable for its combination of AI-generated obfuscation and the ClickFix social engineering technique, designed to steal enterprise credentials while remaining invisible to traditional file-based and signature-based scanners.

According to the ReliaQuest technical report, DeepLoad represents a shift in how threat actors use Large Language Models — not for crafting phishing lures, but for mass-producing "junk code" that buries malicious logic under thousands of lines of meaningless noise.

The DeepLoad Attack Chain | How ClickFix Delivers the Payload

DeepLoad gains initial access through ClickFix, a social engineering tactic that tricks users into executing malicious commands by framing them as a routine browser or document fix. The sequence requires no file download through the browser and bypasses most email and web gateway filters entirely.

  1. The lure: A user lands on a compromised website — typically via SEO poisoning — and sees a fake error message such as "Browser cannot display this page" or a "Failed reCAPTCHA" prompt.
  2. The instruction: The page provides staged "fix" steps: Press Win + R, then Ctrl + V, then Enter.
  3. The execution: The Ctrl + V step pastes a pre-copied, Base64-encoded PowerShell command — already sitting in the clipboard from page load — directly into the Windows Run dialog. The user presses Enter and the infection begins without a single file passing through the browser's download pipeline.

ClickFix attacks have been tracked by Proofpoint threat researchers since late 2024 and have accelerated sharply in 2026 as threat actors refined the clipboard-injection mechanism to reliably bypass browser security prompts.
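One defender-side check for whether a workstation has already been walked through these steps, as an added example (not code from ReliaQuest or ObjectWire): Explorer records everything submitted through the Run dialog under the RunMRU registry key, so a pasted encoded PowerShell command leaves a forensic trace even though nothing passed through the browser's download pipeline. The key path is the standard Explorer one; the decoding heuristic and the list of "interesting" interpreters are this example's own assumptions.

```powershell
# Added example (not ReliaQuest's or ObjectWire's code): triage the Run dialog history
# for the kind of encoded PowerShell a ClickFix lure tells the user to paste.
# Assumes it runs as the affected user (RunMRU lives in HKCU); for an offline hive,
# load it with reg.exe and point -KeyPath at the loaded subkey instead.

function Get-RunMruEntries {
    param([string]$KeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU')
    if (-not (Test-Path $KeyPath)) { return }
    $key = Get-Item -Path $KeyPath
    # MRUList is a string of slot letters, most recent first
    foreach ($slot in ([string]$key.GetValue('MRUList', '')).ToCharArray()) {
        $raw = $key.GetValue([string]$slot)
        if (-not $raw) { continue }
        # Explorer stores each entry as "<command>\1"; strip the trailing marker
        [pscustomobject]@{ Slot = [string]$slot; Command = ([string]$raw -replace '\\1$', '') }
    }
}

function Expand-EncodedPowerShell {
    param([Parameter(Mandatory)][string]$Command)
    # Heuristic (ours): -e, -enc, -EncodedCommand or any prefix of it, followed by a Base64 run
    $m = [regex]::Match($Command, '(?i)(?:^|\s)-e[a-z]*\s+["'']?([A-Za-z0-9+/=]{16,})')
    if (-not $m.Success) { return $null }
    try {
        # -EncodedCommand takes Base64 over UTF-16LE text, hence the Unicode encoding
        [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($m.Groups[1].Value))
    } catch { $null }
}

function Find-ClickFixRunHistory {
    param([string]$KeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU')
    foreach ($entry in Get-RunMruEntries -KeyPath $KeyPath) {
        $decoded = Expand-EncodedPowerShell -Command $entry.Command
        [pscustomobject]@{
            Slot       = $entry.Slot
            Command    = $entry.Command
            # Interpreters launched from Run, or anything that decodes, deserves a look
            Suspicious = ($entry.Command -match '(?i)\b(powershell|pwsh|mshta|cmd|wscript|cscript)\b') -or ($null -ne $decoded)
            Decoded    = $decoded
        }
    }
}

Find-ClickFixRunHistory | Where-Object Suspicious | Format-List
```

RunMRU only captures what was actually submitted through the Run box, which is exactly the ClickFix path; it says nothing about commands that never ran, so treat an empty result as "no evidence", not "clean".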

AI Obfuscation | 10,000 Lines of Decoy Code Generated in Minutes

The distinguishing technical feature of DeepLoad is its obfuscation layer. ReliaQuest researchers found that the malware's functional payload is buried within thousands of meaningless variable assignments and dead code branches — a volume that points clearly to automated generation rather than a human author.

  • Scale: Observed samples exceeded 10,000 lines of padding code per script — a volume that would take a developer days to write manually and minutes to generate with an LLM instructed to produce syntactically valid but semantically empty script noise.
  • Effect on scanners: Static antivirus and EDR tools that rely on signature matching or heuristic pattern recognition are overwhelmed by the volume of harmless-looking code. The payload's recognizable patterns are diluted beyond detection thresholds.
  • Variation at scale: Because LLMs generate structurally unique output on each run, each DeepLoad sample differs enough from prior samples to defeat hash- and signature-based blocklists.

The use of LLMs for obfuscation, rather than phishing copy generation, marks a tactical maturation. For context on how AI tools are being weaponized across enterprise environments, see ObjectWire's coverage of federal concerns over AI deployment in classified systems.
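A crude triage metric for this kind of padding, as an added example (not from ReliaQuest's report): count the variables a script assigns but never reads again, which is what "syntactically valid but semantically empty" filler looks like to a static analyser. The thresholds and the constructed sample script are this example's own.

```powershell
# Added example (not ReliaQuest's or ObjectWire's code): flag scripts whose variables are
# overwhelmingly assigned and never read, the signature of machine-generated filler.

function Measure-DeadAssignments {
    param([Parameter(Mandatory)][string]$ScriptText)

    # Every "$name =" assignment; the lookahead excludes "==" (not PowerShell, but harmless)
    $names = @([regex]::Matches($ScriptText, '\$([A-Za-z_]\w*)\s*=(?!=)') |
        ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique)

    $neverRead = @(foreach ($n in $names) {
        # A read is any occurrence of $name that is not immediately followed by "="
        $reads = [regex]::Matches($ScriptText, ('\$' + [regex]::Escape($n) + '\b(?!\s*=(?!=))'))
        if ($reads.Count -eq 0) { $n }
    })

    $lineCount = ($ScriptText -split "`r?`n").Count
    $ratio = if ($names.Count) { [math]::Round($neverRead.Count / $names.Count, 2) } else { 0 }
    [pscustomobject]@{
        Lines       = $lineCount
        Assigned    = $names.Count
        NeverRead   = $neverRead.Count
        DeadRatio   = $ratio
        # Our thresholds: thousands of lines, or many variables of which almost none are live
        LooksPadded = ($lineCount -gt 2000) -or ($names.Count -ge 20 -and $ratio -ge 0.8)
    }
}

# Constructed sample: two live lines wrapped in filler assignments (4 of 6 variables are dead,
# plus $data itself is never used, so DeadRatio comes out at 0.83)
$sample = @'
$a1 = 'lorem'
$a2 = 42
$a3 = Get-Random
$target = "https://example.invalid/x"
$data = Invoke-WebRequest -Uri $target
$a4 = [math]::PI
'@
Measure-DeadAssignments -ScriptText $sample
```

Run it over the decoded script text that Script Block Logging captures (event ID 4104) rather than over the Base64 blob; the metric is meaningless on encoded input, and a real padded sample will blow past the line threshold long before the ratio matters.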

Survival and Persistence | The Three-Day Reinfection Problem

DeepLoad is engineered across multiple redundancy layers to survive standard incident response and cleanup procedures. ReliaQuest documented four distinct persistence and evasion mechanisms in observed samples:

  • WMI persistence: A WMI event subscription trigger re-launches the malware on the next qualifying system event, so removing the loader without purging the subscription leads to reinfection.
  • Lock screen process hiding: Embeds within LockAppHost.exe, the Windows Lock Screen process. Most endpoint security tools do not monitor this process, making the malware effectively invisible during idle periods.
  • Instant Credential Theft: A standalone component, filemanager.exe, begins scraping browser passwords and session tokens immediately on landing, often exfiltrating data before the main loader is flagged.
  • USB Propagation: Spreads to connected USB drives within 10 minutes, disguising itself as familiar installers such as Chrome Setup or AnyDesk to avoid user suspicion.

The WMI persistence mechanism is particularly significant because most incident response runbooks do not include WMI subscription audits as a standard remediation step. Organizations that remove the malware without purging the WMI trigger will be reinfected on the next qualifying system event.

Defender Recommendations | Why Signature-Based Detection Is No Longer Sufficient

ReliaQuest states in its report that signature-based defense is "obsolete" against DeepLoad in its current form. The combination of AI-generated junk code variation and fileless delivery via the Windows Run dialog removes the two primary inputs traditional scanners depend on: file hashes and recognizable code signatures. The firm recommends three specific controls:

  1. Enable PowerShell Script Block Logging. This Windows feature records the actual decoded commands executed by PowerShell, regardless of how they arrived. Even Base64-obfuscated payloads are logged in plaintext after decoding. It is disabled by default on most enterprise endpoints and should be enabled via Group Policy. Microsoft's guidance is available at learn.microsoft.com.
  2. Audit WMI Event Subscriptions during remediation. Standard malware removal does not clear rogue WMI triggers. Responders must run explicit WMI subscription queries and remove unauthorized entries as a mandatory remediation step.
  3. Deploy behavioral detection for LockAppHost.exe and WMI-spawned PowerShell. Any PowerShell process spawned by WMI, or unusual network or file activity originating from LockAppHost.exe, should trigger an immediate alert. These are highly anomalous signals in normal enterprise environments.
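The three controls above as a single responder script, added here as an example (not ReliaQuest's or ObjectWire's code). It assumes an elevated PowerShell session on the endpoint and, for the hunt, that Sysmon is installed with process-creation logging; the policy registry value, the root/subscription WMI classes and the Sysmon event ID are standard Windows, while the parent/child process patterns are this example's own.

```powershell
# Added example (not ReliaQuest's or ObjectWire's code) covering the three recommended controls.
# Assumes an elevated session; the hunt in step 3 assumes Sysmon process-creation logging.

# 1. Script Block Logging: the same policy value Group Policy would set, applied locally.
function Enable-ScriptBlockLogging {
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
    Set-ItemProperty -Path $policy -Name EnableScriptBlockLogging -Value 1 -Type DWord
    (Get-ItemProperty -Path $policy).EnableScriptBlockLogging   # 1 when enabled
}

# Helper: a binding's Filter/Consumer arrives as a CIM object, or as a 'Class.Name="x"' path
function Get-RefName {
    param($Ref)
    if ($Ref -is [string]) { return ($Ref -replace '.*Name="([^"]*)".*', '$1') }
    return $Ref.Name
}

# 2. WMI persistence audit: every filter-to-consumer binding, resolved to what it would run.
function Get-WmiSubscription {
    $ns = 'root/subscription'
    $filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
    $consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
    foreach ($b in Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding) {
        $f = $filters   | Where-Object Name -eq (Get-RefName $b.Filter)
        $c = $consumers | Where-Object Name -eq (Get-RefName $b.Consumer)
        [pscustomobject]@{
            Filter   = $f.Name
            Query    = $f.Query        # the WQL event the trigger waits for
            Consumer = $c.Name
            # CommandLineEventConsumer carries a command line, ActiveScriptEventConsumer script text
            Action   = if ($c.CommandLineTemplate) { $c.CommandLineTemplate } else { $c.ScriptText }
            Binding  = $b
        }
    }
}

# Remove one entry from Get-WmiSubscription once a responder has confirmed it is rogue.
function Remove-WmiSubscription {
    param([Parameter(Mandatory)]$Subscription)
    $ns = 'root/subscription'
    $Subscription.Binding | Remove-CimInstance   # binding first, so nothing fires mid-cleanup
    Get-CimInstance -Namespace $ns -ClassName __EventFilter   | Where-Object Name -eq $Subscription.Filter   | Remove-CimInstance
    Get-CimInstance -Namespace $ns -ClassName __EventConsumer | Where-Object Name -eq $Subscription.Consumer | Remove-CimInstance
}

# 3. Behavioral hunt: PowerShell whose parent is the WMI provider host, or any child of
#    LockAppHost.exe, in Sysmon process-creation events (ID 1) from the last N hours.
function Find-SuspiciousProcessStarts {
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.GetAttribute('Name')] = $n.'#text' }
        [pscustomobject]$d
    } | Where-Object {
        ($_.ParentImage -match '(?i)\\WmiPrvSE\.exe$' -and $_.Image -match '(?i)\\(powershell|pwsh)\.exe$') -or
        ($_.ParentImage -match '(?i)\\LockAppHost\.exe$')
    } | Select-Object UtcTime, ParentImage, Image, CommandLine
}

# Typical responder flow on a suspect host:
Enable-ScriptBlockLogging
Get-WmiSubscription | Format-List Filter, Query, Consumer, Action
Find-SuspiciousProcessStarts -Hours 72 | Format-Table -AutoSize
```

Review the Get-WmiSubscription output before removing anything: legitimate software (SCCM, some backup agents) also registers subscriptions, so the Action column, not the mere presence of a binding, is what decides. The hunt in step 3 is a local one-off; the same parent/child conditions translate directly into an EDR or SIEM rule for continuous coverage.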

Broader Context | AI-Assisted Malware in 2026

DeepLoad is the most documented example to date of LLMs being used operationally in malware construction, but it is not an isolated incident. Security firms including CrowdStrike and Mandiant have reported a consistent increase in obfuscation complexity across commodity malware families since mid-2025, which researchers attribute in part to the commoditization of code-generation models accessible via API.

The pattern reinforces a structural problem for defenders: the same AI tooling that accelerates legitimate software development also accelerates malicious script generation. A threat actor with access to a capable LLM and a single working PowerShell payload can produce thousands of structurally unique obfuscated variants in hours, at negligible cost.

For related coverage on AI security risks in enterprise and government settings, see ObjectWire Tech and the malware reference index. The full ReliaQuest technical analysis is available at reliaquest.com.
