Microsoft Unveils SesameOp Backdoor Exploiting OpenAI API for Stealth Operations


By Tina Reynolds


Microsoft’s Detection and Response Team (DART) has revealed a new advanced backdoor, dubbed SesameOp. The backdoor relies on the OpenAI Assistants Application Programming Interface (API) for its command-and-control (C2) communications. Microsoft’s researchers had found SesameOp by July 2025 and describe it as a radical new evolution in malware: it continues the pattern of using benign tools for malign purposes, enabling threat actors to remain undetected in victim networks for months on end.

SesameOp uses the OpenAI Assistants API to retrieve encrypted commands and run them locally. This approach lets the malware hide in plain sight among benign network traffic and slip past standard detection technologies. The incident further underscores the repeated misuse of otherwise legitimate technologies by cybercriminals to accomplish their goals.

Details of the SesameOp Backdoor

Microsoft’s technical report goes behind the scenes of SesameOp. Most interestingly, it shows that the malware consists of a heavily obfuscated dynamic link library (DLL) protected with Eazfuscator.NET and designed for stealth, persistence, and secure, encrypted communication via the OpenAI Assistants API. That implant, Netapi64, is central to the backdoor’s operation.

“The dynamic link library (DLL) is heavily obfuscated using Eazfuscator.NET and is designed for stealth, persistence, and secure communication using the OpenAI Assistants API,” – Microsoft.

The backdoor supports multiple command types, which it reads from the description field of the Assistants list. These include:

  • SLEEP, which pauses the process thread for a specified duration.
  • Payload, which extracts the message contents from the instructions field and executes them in a separate thread.
  • Result, which sends the processed output back to the threat actor as a new message.
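Because the backdoor polls the Assistants list for SLEEP or Payload commands and posts results back as messages, its network footprint is a series of periodic requests to a legitimate API from a host that has no business reason to make them. The following Python script is an added example (not code from Microsoft or from the SesameOp report) that hunts for that pattern in proxy logs: it groups OpenAI traffic by source host, measures how regular the polling interval is, and reports hosts that are not on an allowlist. The log format, the host names, the allowlist and the thresholds are constructed assumptions; the endpoint prefixes it matches (`/v1/assistants`, `/v1/threads`) are the public OpenAI Assistants API paths, and seeing URL paths at all presumes TLS inspection at the proxy, otherwise only the destination hostname is available.

```python
"""Hunt for covert C2 over a legitimate API in proxy logs.

Added example, not from Microsoft's report. Parses constructed proxy log lines
(fields: time, source host, destination host, URL path) and flags sources that
poll the OpenAI Assistants API on a near-fixed interval while not being on an
allowlist of hosts expected to talk to OpenAI at all.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumption: hosts whose users legitimately use OpenAI from this network.
APPROVED_SOURCES = {"dev-laptop-07"}
OPENAI_HOST = "api.openai.com"

# Constructed sample: dev-laptop-07 is a sanctioned user of the chat API;
# app-srv-03 lists assistants every ~60 s and once posts a thread message,
# which is what an implant sleeping between check-ins looks like.
SAMPLE_LOG = """\
2025-07-14T09:00:00 dev-laptop-07 api.openai.com /v1/chat/completions
2025-07-14T09:00:05 app-srv-03 api.openai.com /v1/assistants
2025-07-14T09:01:05 app-srv-03 api.openai.com /v1/assistants
2025-07-14T09:02:06 app-srv-03 api.openai.com /v1/assistants
2025-07-14T09:02:40 dev-laptop-07 api.openai.com /v1/chat/completions
2025-07-14T09:03:05 app-srv-03 api.openai.com /v1/assistants
2025-07-14T09:03:07 app-srv-03 api.openai.com /v1/threads/thr_x/messages
2025-07-14T09:04:05 app-srv-03 api.openai.com /v1/assistants
2025-07-14T09:10:00 web-01 cdn.example.com /static/app.js
"""


def parse_log(text):
    """Turn the constructed log format into (timestamp, src, dst, path) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, path = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, path))
    return events


def group_by_source(events):
    """Per source host: timestamps of assistants-list polls and thread/message paths."""
    polls = defaultdict(list)
    threads = defaultdict(list)
    for ts, src, dst, path in events:
        if dst != OPENAI_HOST:
            continue
        if path.startswith("/v1/assistants"):
            polls[src].append(ts)
        elif path.startswith("/v1/threads"):
            threads[src].append(path)
    return polls, threads


def beacon_score(timestamps):
    """Return (mean gap in seconds, coefficient of variation) or None if too few polls.

    A low coefficient of variation means the requests arrive on a metronome-like
    schedule, which interactive human use of an API almost never produces."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3:
        return None
    m = mean(gaps)
    return m, (pstdev(gaps) / m if m else 0.0)


def find_suspects(text, min_polls=4, max_cv=0.5):
    """Report non-allowlisted hosts that poll the Assistants API at a regular cadence."""
    polls, threads = group_by_source(parse_log(text))
    findings = []
    for src, ts in polls.items():
        if src in APPROVED_SOURCES or len(ts) < min_polls:
            continue
        score = beacon_score(ts)
        if score is None or score[1] > max_cv:
            continue
        findings.append({
            "source": src,
            "polls": len(ts),
            "mean_interval_s": round(score[0], 1),
            "cv": round(score[1], 2),
            "thread_requests": len(threads.get(src, [])),
        })
    return findings


if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_LOG):
        print(finding)
```

Run it as a script to print the finding for the embedded sample. On real data, feed `find_suspects` the log text and tune `min_polls` and `max_cv` to the environment: a SLEEP command with a long duration stretches the interval without changing its regularity, so the window of logs examined needs to be longer than the longest sleep you expect to catch.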

Mechanism of Operation

SesameOp’s operation is unusual even among the most complex C2 designs, because it sidesteps traditional C2 infrastructure altogether. Rather than using conventional methods, the threat actors behind this backdoor use OpenAI as a covert command-and-control channel, which lets them orchestrate malicious activity in compromised environments while attracting little attention.

“Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised environment,” – Microsoft Incident Response.

At runtime, the host executable loads Netapi64.dll via .NET AppDomainManager injection. The process is controlled by a specially crafted .config file supplied alongside the host executable. Because the implant then runs inside a legitimate host process, detection becomes even more difficult.

“Netapi64.dll is loaded at runtime into the host executable via .NET AppDomainManager injection, as instructed by a crafted .config file accompanying the host executable,” – Microsoft.
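AppDomainManager injection is driven by two elements in the `<runtime>` section of an application’s .config file, `appDomainManagerAssembly` and `appDomainManagerType`, which tell the CLR to load the named assembly before the host program’s own code runs. The script below is an added example, not Microsoft’s code, that scans .config files for those elements and flags any that name an assembly outside an allowlist. The two sample configs are constructed; the assembly name Netapi64 comes from the report, while the type name `Netapi64.Loader` and the allowlist are assumptions.

```python
"""Flag .NET .config files that request an AppDomainManager.

Added example, not Microsoft's code. The CLR honours <appDomainManagerAssembly>
and <appDomainManagerType> under <runtime> in an application's .config file and
loads the named assembly before the host program's own code runs, which is the
mechanism the article describes for Netapi64.dll. Sample configs are constructed;
the type name and the allowlist are assumptions.
"""
import xml.etree.ElementTree as ET
from typing import Optional

# Assumption: simple assembly names your organisation legitimately ships as
# AppDomainManagers. Most environments have none, so the set starts empty.
KNOWN_GOOD_MANAGERS = set()

BENIGN_CONFIG = """<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
  </startup>
</configuration>"""

SUSPICIOUS_CONFIG = """<configuration>
  <runtime>
    <appDomainManagerAssembly value="Netapi64, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <!-- hypothetical type name; the report does not give it -->
    <appDomainManagerType value="Netapi64.Loader" />
  </runtime>
</configuration>"""


def find_appdomain_manager(config_xml: str) -> Optional[dict]:
    """Return the declared manager assembly/type, or None if the config has none."""
    root = ET.fromstring(config_xml)
    runtime = root.find("runtime")
    if runtime is None:
        return None
    asm = runtime.find("appDomainManagerAssembly")
    typ = runtime.find("appDomainManagerType")
    if asm is None and typ is None:
        return None
    return {
        "assembly": asm.get("value") if asm is not None else None,
        "type": typ.get("value") if typ is not None else None,
    }


def assess_config(config_xml: str) -> str:
    """Classify one config as 'clean', 'allowlisted' or 'suspicious'."""
    manager = find_appdomain_manager(config_xml)
    if manager is None:
        return "clean"
    # "Netapi64, Version=..., PublicKeyToken=null" -> "Netapi64"
    simple_name = (manager["assembly"] or "").split(",")[0].strip()
    if simple_name in KNOWN_GOOD_MANAGERS:
        return "allowlisted"
    return "suspicious"


def scan_configs(configs: dict) -> list:
    """Scan a {path: xml_text} mapping and return a finding for every non-clean config."""
    findings = []
    for path, xml_text in configs.items():
        try:
            verdict = assess_config(xml_text)
            manager = find_appdomain_manager(xml_text)
        except ET.ParseError:
            # A malformed .config next to an executable deserves a look as well.
            verdict, manager = "unparseable", None
        if verdict != "clean":
            findings.append({"path": path, "verdict": verdict, "manager": manager})
    return findings


if __name__ == "__main__":
    sample = {"app.exe.config": BENIGN_CONFIG, "host.exe.config": SUSPICIOUS_CONFIG}
    for finding in scan_configs(sample):
        print(finding)
```

To use it on a host, collect every `*.config` sitting beside a `.exe` and pass their contents to `scan_configs`; a hit should be paired with a check of whether the named assembly actually exists in that directory and whether it is signed, since a legitimate AppDomainManager is rare and an unsigned one dropped next to a signed host binary is the arrangement the report describes.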

Broader Implications

The emergence of SesameOp underscores a concerning trend in cybersecurity: the increasing use of legitimate tools for malicious purposes. Cybercriminals exploit popular APIs such as OpenAI’s to obscure their activities, blending their operations into normal network traffic and making them significantly harder for security practitioners to detect.

Microsoft’s disclosure of SesameOp is a helpful and timely reminder, given the rapidly evolving nature of cyber threats. While attackers are always refining their craft, organizations need to stay ahead of the game and remain agile where attackers are not.