Google Discovers PROMPTFLUX Malware Leveraging Gemini AI for Evasion
These articles are AI-generated summaries. Please check the original sources for full details.
Google Discovers PROMPTFLUX Malware Leveraging Gemini AI for Evasion
Overview of PROMPTFLUX Malware
Google’s Threat Intelligence Group (GTIG) uncovered PROMPTFLUX, a novel Visual Basic Script (VB Script) malware that integrates with Google’s Gemini AI API to dynamically rewrite its own code for evasion. Key aspects include:
- Self-modification: The malware queries Gemini’s API hourly to generate obfuscated VB Script code, avoiding static signature detection.
- Persistence Mechanism: Stores updated code in the Windows Startup folder and propagates via removable drives and network shares.
- Development Stage: Currently lacks network-compromise capabilities but is in testing, suggesting future evolution.
Key Features and Techniques
- AI Integration: Uses a hard-coded API key to send machine-parsable prompts to Gemini 1.5 Flash or later, requesting specific obfuscation techniques.
- Logging: Logs AI responses to
%TEMP%\thinking_robot_log.txt, indicating intent to create a metamorphic script. - Commented Function: The
AttemptToUpdateSelffunction is commented out, raising questions about its operational status but confirming the author’s goal of adaptive code evolution.
Other AI-Powered Malware Examples
Google identified additional LLM-driven malware variants:
- FRUITSHELL: PowerShell reverse shell with LLM prompts to bypass detection.
- PROMPTLOCK: Go-based ransomware using LLM to generate malicious Lua scripts at runtime (proof-of-concept).
- PROMPTSTEAL (LAMEHUG): APT28 tool querying Qwen2.5-Coder-32B-Instruct for commands targeting Ukraine.
- QUIETVAULT: JavaScript credential stealer targeting GitHub/NPM tokens.
Misuse of Gemini by State-Sponsored Actors
State-sponsored groups exploited Gemini for malicious purposes:
- China-nexus Actor: Used CTF pretext to bypass guardrails, generating phishing lures and data-exfiltration tools.
- APT41 (China): Leveraged Gemini for code obfuscation and C2 framework development (OSSTUN).
- MuddyWater (Iran): Claimed to be a student to circumvent safety barriers, developing custom malware.
- APT42 (Iran): Crafted phishing materials and a “Data Processing Agent” for SQL query generation.
- UNC1069 (North Korea): Generated cryptocurrency-stealing code and deepfake lures for social engineering.
Google’s Response and Implications
- Threat Actor Motives: Likely financially driven, targeting a broad range of users without specific industry focus.
- Counterarguments: Security researcher Marcus Hutchins criticized the report’s emphasis, noting the malware’s code lacks entropy and the self-modification function is inactive.
- Broader Trends: Adversaries are shifting from AI for productivity to adaptive, AI-driven tools for real-time evasion and exploitation.
Reference
https://thehackernews.com/2025/11/google-uncovers-promptflux-malware-that.html
Continue reading
Next article
Google AI Introduces Consistency Training for Safer Language Models Under Sycophantic and Jailbreak Style Prompts
Related Content
Microsoft Discovers 'SesameOp' Backdoor Leveraging OpenAI API for Stealthy Cyber Operations
Microsoft reveals 'SesameOp,' a sophisticated backdoor using OpenAI's API as a covert command-and-control channel for prolonged espionage activities.
Konni Hackers Exploit Google Find Hub for Remote Data-Wiping and Multi-Group Cyber Threats
North Korea-linked Konni hackers weaponize Google's Find Hub for remote device wiping, while Lazarus and Kimsuky groups deploy advanced malware in targeted campaigns.
Nation-State Hackers Deploy Airstalk Malware in Supply Chain Attack Targeting Enterprise Browsers
Airstalk malware exploits AirWatch APIs for covert C2 communication, targeting enterprise browsers in a suspected supply chain attack linked to a nation-state actor.