PROMPTFLUX malware uses Gemini AI to modify

Megiddo
Google has reported a new experimental malware family that uses artificial intelligence to rewrite its own code and hide on the target system. The malware, PROMPTFLUX, is a malicious VBScript that interacts with the Gemini API, asking the model for obfuscation and antivirus-evasion code.

According to researchers from the Google Threat Intelligence Group (GTIG), PROMPTFLUX queries Gemini 1.5 Flash (and later models) for updated code designed to evade signature-based detection.

The script carries a hard-coded API key, sends its requests directly to the Gemini API, and writes the regenerated versions of itself to the Windows Startup folder for persistence.

Interestingly, the script contains a self-update function, AttemptToUpdateSelf. Although it is commented out and inactive, the AI interaction log the script keeps in the file thinking_robot_log.txt suggests that the authors intend to build "self-evolving" malware. Google notes that there are several PROMPTFLUX variants, and in one of them the model is instructed to rewrite the script's entire source code every hour.

However, the program is still at the development stage and is not yet capable of compromising devices. The project appears to be run by a financially motivated group rather than state-sponsored actors.

Some experts, however, consider the story exaggerated. Researcher Marcus Hutchins stated that PROMPTFLUX shows no real signs of "intelligent" behavior:

"The Gemini model doesn't know how to bypass antivirus software. Furthermore, the code has no mechanisms to guarantee uniqueness or stability. And the code modification feature isn't even used."
However, Google experts warn that attackers are actively experimenting with using AI not only to automate tasks but also to create malicious tools that can adapt on the fly.
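The traits the article attributes to PROMPTFLUX (a script in the Startup folder that carries a Google API key, calls the Gemini API through a Windows HTTP client object, rewrites itself and keeps an AI log in thinking_robot_log.txt) are cheap to triage for. The scanner below is an added example written for this page, not code from GTIG or from the malware; the indicator names, weights and threshold are assumptions, and the VBScript fixtures are constructed here so the script runs offline. The only general fact it relies on is the documented shape of Google API keys ("AIza" followed by 35 URL-safe characters).

```python
"""Added example (not GTIG's or PROMPTFLUX's code): triage scan of Windows
Startup folders for VBScript files showing the traits described above.
Indicator names, weights and threshold are assumptions made for this example.
"""
from __future__ import annotations

import os
import re
from pathlib import Path

# Google API keys have a documented shape: the prefix "AIza" followed by 35
# URL-safe characters (39 characters in total). That is public knowledge about
# Google API keys in general, not a PROMPTFLUX-specific signature.
INDICATORS = {
    "gemini_endpoint": re.compile(r"generativelanguage\.googleapis\.com", re.I),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "http_client": re.compile(r"MSXML2\.(?:Server)?XMLHTTP|WinHttp\.WinHttpRequest", re.I),
    "self_rewrite": re.compile(r"Scripting\.FileSystemObject|WScript\.ScriptFullName", re.I),
    "ai_log_file": re.compile(r"thinking_robot_log\.txt", re.I),
}

# Assumed weights: the API endpoint and the log file name are strong signals;
# the COM objects alone are weak, since plenty of benign scripts use them.
WEIGHTS = {"gemini_endpoint": 3, "google_api_key": 2, "http_client": 1,
           "self_rewrite": 1, "ai_log_file": 3}
THRESHOLD = 4  # assumed: an HTTP client plus a file-system object alone does not alert


def scan_text(text: str) -> set[str]:
    """Return the names of all indicators that match the script text."""
    return {name for name, rx in INDICATORS.items() if rx.search(text)}


def triage(text: str) -> tuple[int, set[str]]:
    """Score a script: (total weight of matched indicators, matched indicator names)."""
    hits = scan_text(text)
    return sum(WEIGHTS[h] for h in hits), hits


def startup_folders() -> list[Path]:
    """Per-user and all-users Startup folders; returns an empty list off Windows."""
    folders = []
    if appdata := os.environ.get("APPDATA"):
        folders.append(Path(appdata) / "Microsoft/Windows/Start Menu/Programs/Startup")
    if programdata := os.environ.get("PROGRAMDATA"):
        folders.append(Path(programdata) / "Microsoft/Windows/Start Menu/Programs/StartUp")
    return [p for p in folders if p.is_dir()]


def scan_folders(folders, threshold: int = THRESHOLD) -> list[tuple[str, int, list[str]]]:
    """Scan .vbs/.vbe files in the given folders; return (path, score, hits) for
    every file whose score reaches the threshold."""
    findings = []
    for folder in folders:
        for path in Path(folder).glob("*.vb?"):
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            score, hits = triage(text)
            if score >= threshold:
                findings.append((str(path), score, sorted(hits)))
    return findings


# Constructed fixtures for this example; the "key" is a dummy of the right shape.
FAKE_KEY = "AIzaSyDUMMYKEY" + "0" * 25
SUSPICIOUS_VBS = (
    "' constructed test fixture, not real malware\n"
    'Set http = CreateObject("MSXML2.ServerXMLHTTP")\n'
    'url = "https://generativelanguage.googleapis.com/v1beta/models/'
    'gemini-1.5-flash-latest:generateContent?key=' + FAKE_KEY + '"\n'
    'Set fso = CreateObject("Scripting.FileSystemObject")\n'
    'logPath = fso.GetSpecialFolder(2) & "\\thinking_robot_log.txt"\n'
)
BENIGN_VBS = (
    'Set sh = CreateObject("WScript.Shell")\n'
    'sh.Run "notepad.exe"\n'
)

if __name__ == "__main__":
    for label, text in (("suspicious", SUSPICIOUS_VBS), ("benign", BENIGN_VBS)):
        score, hits = triage(text)
        print(f"{label}: score={score} hits={sorted(hits)}")
    for path, score, hits in scan_folders(startup_folders()):
        print(f"FLAG {path} score={score} hits={hits}")
```

Treat this as a triage hint, not a detection rule: the very behaviour the article describes (regenerating the script, encoding or splitting strings) defeats literal pattern matches, which is Hutchins's point about what the current sample does and does not do. Durable detection comes from behaviour instead: wscript.exe or cscript.exe opening outbound TLS connections to generativelanguage.googleapis.com, or a script in the Startup folder writing to its own path.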

Other examples of AI-enabled malware described by Google include:

  • FRUITSHELL is a publicly available PowerShell reverse shell that embeds hard-coded prompts intended to bypass LLM-based security analysis;
  • PROMPTLOCK is experimental cross-platform ransomware written in Go that uses an LLM to generate malicious Lua scripts at runtime;
  • PROMPTSTEAL (also tracked as LAMEHUG) is a data miner used by the APT28 group in attacks on Ukraine; it queries an LLM through the Hugging Face API to generate the Windows commands it runs;
  • QUIETVAULT is JavaScript malware that steals GitHub and NPM tokens and uses AI command-line tools already installed on the host to hunt for further secrets.