Google Discovers PROMPTFLUX Malware Leveraging Gemini AI for Evasion
These articles are AI-generated summaries. Please check the original sources for full details.
Overview of PROMPTFLUX Malware
Google’s Threat Intelligence Group (GTIG) uncovered PROMPTFLUX, a novel Visual Basic Script (VB Script) malware that integrates with Google’s Gemini AI API to dynamically rewrite its own code for evasion. Key aspects include:
- Self-modification: The malware queries Gemini’s API hourly to generate obfuscated VB Script code, avoiding static signature detection.
- Persistence Mechanism: Stores updated code in the Windows Startup folder and propagates via removable drives and network shares.
- Development Stage: Currently lacks network-compromise capabilities but is in testing, suggesting future evolution.
Key Features and Techniques
- AI Integration: Uses a hard-coded API key to send machine-parsable prompts to Gemini 1.5 Flash or later, requesting specific obfuscation techniques.
- Logging: Logs AI responses to %TEMP%\thinking_robot_log.txt, indicating intent to create a metamorphic script.
- Commented Function: The AttemptToUpdateSelf function is commented out, raising questions about its operational status but confirming the author’s goal of adaptive code evolution.
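A triage check built from the artifacts listed above, as an added example (not code from Google's report or the source article): it scores script files for the Gemini API host, an embedded Google-style API key, the log file name and the AttemptToUpdateSelf name, and adds weight when the file sits in a Startup folder. The API hostname, the key pattern, the weights, the threshold and the sample paths and contents are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Names from the write-up above; the API hostname, the "AIza" key shape and
# the weights are assumptions of this example, not values from the report.
SCRIPT_EXTS = {".vbs", ".vbe", ".wsf"}
STARTUP_DIR = r"\start menu\programs\startup"
RULES = {
    "llm_api_host": (re.compile(r"generativelanguage\.googleapis\.com", re.I), 2),
    "embedded_api_key": (re.compile(r"AIza[0-9A-Za-z_\-]{35}"), 2),
    "log_file_name": (re.compile(r"thinking_robot_log\.txt", re.I), 3),
    "self_update_function": (re.compile(r"AttemptToUpdateSelf", re.I), 3),
}

def triage(path, text):
    """Score one file; returns the matched rule names and a total score."""
    p = PureWindowsPath(path)
    if p.suffix.lower() not in SCRIPT_EXTS:
        return {"path": path, "hits": [], "score": 0}
    # Match on raw text, comments included: the function is commented out
    # in the described sample, so a parser that skips comments would miss it.
    hits = [name for name, (rx, _) in RULES.items() if rx.search(text)]
    score = sum(RULES[name][1] for name in hits)
    # Location only adds weight to a content hit; legitimate scripts also
    # live in Startup, so the folder alone scores nothing.
    if hits and STARTUP_DIR in str(p).lower():
        hits.append("in_startup_folder")
        score += 2
    return {"path": path, "hits": hits, "score": score}

# Constructed, inert sample inputs (not real malware; the key is a placeholder).
STARTUP = r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLES = {
    STARTUP + r"\sample.vbs": "\n".join([
        'apiUrl = "https://generativelanguage.googleapis.com/"',
        'apiKey = "AIza' + "X" * 35 + '"',
        r'logPath = "%TEMP%\thinking_robot_log.txt"',
        "' Sub AttemptToUpdateSelf()",
    ]),
    STARTUP + r"\mapdrives.vbs": 'WScript.Echo "mapping drives"',
    r"C:\Users\u\Documents\notes.txt": "read about AttemptToUpdateSelf today",
}

def scan(samples=SAMPLES, threshold=5):
    """Return results at or above threshold, highest score first."""
    results = [triage(p, t) for p, t in samples.items()]
    return sorted((r for r in results if r["score"] >= threshold),
                  key=lambda r: -r["score"])
```

Since the write-up says the script is rewritten hourly, content matches like these are a starting point for triage rather than a durable signature; the Startup location and the outbound API host are the parts least likely to change with the code.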
Other AI-Powered Malware Examples
Google identified additional LLM-driven malware variants:
- FRUITSHELL: PowerShell reverse shell with LLM prompts to bypass detection.
- PROMPTLOCK: Go-based ransomware using LLM to generate malicious Lua scripts at runtime (proof-of-concept).
- PROMPTSTEAL (LAMEHUG): APT28 tool querying Qwen2.5-Coder-32B-Instruct for commands targeting Ukraine.
- QUIETVAULT: JavaScript credential stealer targeting GitHub/NPM tokens.
Misuse of Gemini by State-Sponsored Actors
State-sponsored groups exploited Gemini for malicious purposes:
- China-nexus Actor: Used CTF pretext to bypass guardrails, generating phishing lures and data-exfiltration tools.
- APT41 (China): Leveraged Gemini for code obfuscation and C2 framework development (OSSTUN).
- MuddyWater (Iran): Claimed to be a student to circumvent safety barriers, developing custom malware.
- APT42 (Iran): Crafted phishing materials and a “Data Processing Agent” for SQL query generation.
- UNC1069 (North Korea): Generated cryptocurrency-stealing code and deepfake lures for social engineering.
Google’s Response and Implications
- Threat Actor Motives: Likely financially driven, targeting a broad range of users without specific industry focus.
- Counterarguments: Security researcher Marcus Hutchins criticized the report’s emphasis, noting the malware’s code lacks entropy and the self-modification function is inactive.
- Broader Trends: Adversaries are shifting from AI for productivity to adaptive, AI-driven tools for real-time evasion and exploitation.
Reference
https://thehackernews.com/2025/11/google-uncovers-promptflux-malware-that.html