The Mycelium Framework represents the first documented instance of a botnet marketed directly as an AI-as-a-Service platform. Security researchers identified this emerging threat in June 2024 through a dark web listing, which advertises Mycelium as a way for cybercriminals to monetise compromised Windows and Linux machines by renting out their computing resources and stolen AI accounts. This event marks a significant shift in the monetisation of botnets, with implications for enterprise security and the broader digital ecosystem.
How the Mycelium Framework AI-as-a-Service Botnet Operates
Mycelium is advertised as a cross-platform botnet toolkit, written in C++, and designed for both Windows and Linux environments. Unlike traditional botnets, which typically focus on spam campaigns or distributed denial-of-service attacks, Mycelium evaluates infected hosts for their suitability as part of a black market AI cluster. The framework’s operators target systems with significant CPU or GPU resources, active AI service accounts, and stored credentials, offering these assets for rent to other criminals on underground forums.
Key Features of Mycelium Framework
- Cross-platform support: Compatible with modern Windows and Linux operating systems.
- Modular plugin architecture: Allows operators to add or swap capabilities such as credential theft, network scanning, browser data extraction, and exploit modules without rebuilding the malware.
- Encrypted command and control: Uses secure channels to communicate with infected endpoints, reducing the chance of detection.
- Credential harvesting: Focuses on collecting credentials for AI platforms and cloud services, in addition to standard password theft.
- Resource assessment: Probes systems for CPU, GPU, and AI account access, grading their suitability for illicit compute rental.
Timeline and Discovery
The Mycelium listing was first observed by researchers at Flare in June 2024 on a well-known dark web marketplace. Flare’s analysis, published shortly thereafter, highlights the novelty of the approach. While the techniques used for infection and exploitation are not new, their combination into a single, AI-as-a-Service offering is unprecedented.
There is currently no public evidence of widespread deployment, but the mere existence of Mycelium’s marketing signals an intent to industrialise the monetisation of stolen computing power. The framework is still being advertised and discussed on underground forums, and threat intelligence teams are monitoring for any signs of active campaigns.
Who Is at Risk and How the Attack Works
The Mycelium Framework primarily targets organisations and individuals with powerful Windows or Linux machines. This includes enterprises with on-premise servers, research institutions, and any users with high-performance GPUs or CPUs. The infection vector is not explicitly detailed in the listing, but it likely leverages standard botnet distribution methods: phishing, exploit kits, or supply chain compromises.
Once installed, Mycelium performs a detailed inventory of the host’s hardware and software environment. It looks for:
- Installed GPUs (for AI and machine learning workloads)
- Stored browser passwords and session cookies
- Active logins for AI platforms (e.g., OpenAI, Google Cloud AI, Hugging Face)
- Network accessibility and lateral movement potential
Infected hosts are then enrolled into a botnet, where their compute power and stolen credentials are offered for rent through a black market interface. Criminals can use these resources to perform illicit AI training, automated account creation, or data scraping, effectively turning the botnet into a decentralised, criminal cloud service.
Current Exploitation Status and Security Implications
According to Flare, there have been no confirmed reports of Mycelium infections in the wild as of late June 2024. However, the existence of the framework and the sophistication of its design have raised alarms within the cybersecurity community. The framework’s modularity and focus on AI services make it particularly dangerous for organisations relying on cloud-based AI platforms or possessing in-house machine learning infrastructure.
The convergence of botnets with AI-as-a-Service models introduces several new risks:
- Increased likelihood of resource theft, leading to unexpected compute bills or degraded service performance
- Compromise of AI accounts, enabling abuse of paid APIs or access to sensitive data
- Potential use of stolen compute for large-scale automated attacks, such as synthetic identity generation or content scraping
Why This Matters and What Organisations Should Do
The Mycelium Framework demonstrates how cybercriminals are adapting to the growing importance of AI and high-performance computing. The ability to rent illicit compute clusters on demand could fuel a new wave of attacks targeting cloud services and AI-powered platforms.
Organisations should closely monitor for signs of unauthorised compute usage, unusual AI account activity, and credential theft. Enhanced monitoring of GPU utilisation, API access patterns, and credential management is recommended, particularly for entities with significant AI investments.
Rapid detection and response will be essential as frameworks like Mycelium move from underground listings to active exploitation.
Originally reported by cybersecuritynews.com.






