Description

Researchers have identified a new cybercrime platform known as the Mycelium Framework, an AI-as-a-Service (AIaaS) botnet that enables threat actors to execute malicious workloads across compromised Windows and Linux systems. Unlike traditional botnets focused on DDoS or spam campaigns, this framework provides a modular ecosystem that supports AI-assisted offensive operations, credential theft, persistence, exploit deployment, and remote command execution. Its commercialization significantly lowers the barrier for cybercriminals by offering advanced attack capabilities as a subscription-based service. The Mycelium Framework operates as a cross-platform botnet capable of infecting both Windows and Linux hosts, allowing operators to distribute malicious AI-powered workloads across a large pool of compromised devices. The malware incorporates encrypted command-and-control (C2) communications, persistence mechanisms, exploit modules, credential harvesting, and remote execution capabilities, enabling attackers to manage infected systems efficiently while evading detection. Its modular architecture allows customers to selectively deploy features such as information stealers, ransomware loaders, cryptominers, and reconnaissance tools depending on operational objectives. By distributing workloads across numerous infected endpoints, attackers reduce resource consumption on individual systems while increasing scalability and resilience against takedowns. The framework's AI-assisted automation further accelerates target identification, payload deployment, and attack orchestration, reflecting the growing trend of cybercrime-as-a-service. The emergence of AIaaS botnets demonstrates how artificial intelligence is being integrated into underground ecosystems to simplify sophisticated attacks and expand access to advanced offensive capabilities.