Mycelium Framework – First-Ever Know Botnet as an AI-as-a-Service

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Spread the love

A new cybercrime advertisement is turning heads in the security community, and for good reason. It describes a botnet that does not just infect computers, it turns them into rented artificial intelligence power for other criminals to use.

The framework, called Mycelium, is sold on an underground forum as a package for breaking into machines and renting out their computing power.

Its toolkit reads like other botnet listings, offering exploitation, encrypted control channels, credential theft, and the ability to spread across networks.

What sets Mycelium apart is not how it breaks in, but what it claims to do once inside.

Instead of treating hacked machines as throwaway tools for spam or denial of service attacks, the seller describes a system that checks each device for processing power, graphics chips, stored passwords, and active AI accounts.

Researchers at Flare identified the listing and say it is the first time they have seen a botnet marketed as an artificial intelligence service rather than a traditional attack tool.

The team notes that while none of the techniques are new, combining them into one coordinated platform is unusual and concerning.

Flare said in a report shared with Cyber Security News (CSN) that the framework blurs the line between old style botnets and modern cloud computing, effectively creating a black market computing cluster built from stolen access.

Mycelium Framework

The listing describes Mycelium as a cross platform program written in C++, capable of running on both Windows and Linux systems.

It uses a plugin style design, meaning the operator can add or swap capabilities such as browser data theft, network scanning, or exploit modules without rebuilding the malware.

Communication between infected machines and the operator relies on an encrypted channel built on internet relay chat technology. This setup lets one person manage a large group of compromised devices while keeping commands hidden from security tools.

The seller also advertises a long list of exploits targeting widely used business software, including email servers, virtual infrastructure tools, and web application platforms.

This suggests the botnet is built to break into company networks broadly, raising the stakes for enterprise defenders.

Mycelium Advertisement in a Forum (Source – Flare)

An image included in the underground post, shows the seller pitching the framework to buyers, complete with its features and pricing.

Turning Stolen Machines Into AI Workers

Once a machine is compromised, the framework sorts it into a tier based on what it can offer. A device with a stolen premium AI account might be reserved for high value tasks, while a machine running a smaller local AI model could handle bulk phishing text or spam content instead.

The seller claims these AI powered machines can also run a social engineering engine that studies a victim’s writing style and past messages to craft convincing fake communications.

Combined with stolen access to messaging apps, this could let criminals send fraudulent messages that appear to come from trusted contacts.

Beyond messaging abuse, the advertisement claims the framework can watch for new security flaws, attempt to write exploit code using artificial intelligence, and then test and distribute that code automatically.

Flare notes that while some of this may be exaggerated for marketing, every piece of it is technically achievable today.

Flare recommends that security teams watch for unusual patterns rather than a single warning sign.

Suggested steps include tracking AI model key usage on servers, watching for unexpected encrypted outbound traffic from machines that rarely talk externally, and noting unusual spikes in processor or graphics card usage.

The report also advises correlating stolen browser credentials with logins to AI, developer, and messaging platforms, since attackers may chain these together.

Treating unexpected plugin style malware behavior as high risk, even from a single module, is another safeguard mentioned in the findings.

Whether every claim in the advertisement holds up in practice remains unconfirmed, since the seller has not released proof or source code.

Still, the idea of using stolen computers as AI power rather than simple bots fits naturally into where cybercrime appears to be heading.

Prevent critical incidents and financial loss with stronger proactive defense. Integrate a live threat feed from 15K SOC Teams.