AI-Powered Malware 'PROMPTFLUX' Rewrites Its Code Hourly to Evade Detection

Google has uncovered a novel and concerning piece of malware, dubbed PROMPTFLUX, which uses Google's own Gemini AI model to rewrite its code in real time, aiming to evade security detection. This experimental VBScript (Visual Basic Script) malware represents a significant evolution in cyber threats, moving beyond AI for productivity gains to AI-enabled tools that dynamically alter their behavior during execution.

Key Takeaways

  • PROMPTFLUX uses Google's Gemini AI API to request code obfuscation and evasion techniques.

  • The malware aims for "just-in-time" self-modification to bypass static signature-based detection.

  • It is currently experimental and lacks the ability to compromise victim networks.

  • Other AI-powered malware variants are also being observed in the wild.

The 'Thinking Robot' Module

PROMPTFLUX's most innovative feature is its "Thinking Robot" component. This module periodically queries the Gemini AI model, specifically Gemini 1.5 Flash or later, using a hard-coded API key. The prompts sent are highly specific and machine-parsable, requesting VBScript code changes for antivirus evasion and instructing the AI to output only the code itself. This allows the malware to obtain new code for improved obfuscation and evasion, likely on an hourly basis in some variants.

Persistence and Propagation

Once new code is generated, the malware saves the obfuscated version to the Windows Startup folder to ensure persistence across reboots. It also attempts to propagate by copying itself to removable drives and mapped network shares. While the self-modification function was commented out in some analyzed samples, the active logging of AI responses indicates the author's intent for a metamorphic script that can evolve over time.
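
A static triage heuristic built from the traits described above (a script file that calls the Gemini API with a hard-coded key and sits in the Startup folder), given here as an added example that is not from Google's report or from this article. The API hostname, the "AIza" key shape, the extension list, the sample text and the function names are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumptions (not from the article): the public Gemini API hostname and the
# usual "AIza" + 35 characters shape of Google API keys.
LLM_HOST = re.compile(r"generativelanguage\.googleapis\.com", re.I)
API_KEY = re.compile(r"AIza[0-9A-Za-z_\-]{35}")
SCRIPT_EXT = {".vbs", ".vbe", ".wsf", ".js", ".jse"}
# Per-user and all-users Startup folders both end in this path fragment.
STARTUP = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)


def triage(path: str, text: str) -> list[str]:
    """Return the reasons a script file deserves analyst review."""
    if PureWindowsPath(path).suffix.lower() not in SCRIPT_EXT:
        return []
    reasons = []
    if LLM_HOST.search(text):
        reasons.append("references LLM API host")
    if API_KEY.search(text):
        reasons.append("embeds API-key-shaped string")
    # Location only matters once the content itself looks suspicious.
    if reasons and STARTUP.search(path):
        reasons.append("located in Startup folder")
    return reasons


def severity(reasons: list[str]) -> str:
    """Map the number of independent indicators to a review priority."""
    return ("none", "low", "medium", "high")[min(len(reasons), 3)]


# Constructed sample text, not taken from any real file.
SAMPLE = (
    "' constructed sample for the scanner\n"
    'endpoint = "https://generativelanguage.googleapis.com/"\n'
    'key = "AIza' + "0" * 35 + '"\n'
)

if __name__ == "__main__":
    p = (r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
         r"\Start Menu\Programs\Startup\update.vbs")
    found = triage(p, SAMPLE)
    print(severity(found), found)
```

Because the script is meant to rewrite and obfuscate itself, both strings can be hidden in later generations, so a miss is inconclusive. Pair the file check with network telemetry for script hosts contacting the API.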

Broader AI-Powered Malware Landscape

PROMPTFLUX is not an isolated incident. Google's Threat Intelligence Group (GTIG) has identified other instances of AI-powered malware, including:

  • FRUITSHELL: A PowerShell reverse shell with hard-coded prompts to bypass LLM-powered security systems.

  • PROMPTLOCK: A proof-of-concept ransomware that uses an LLM to dynamically generate malicious Lua scripts.

  • PROMPTSTEAL (aka LAMEHUG): A data miner used by APT28 that queries an LLM to generate commands for execution.

  • QUIETVAULT: A JavaScript credential stealer targeting GitHub and NPM tokens, which also uses AI prompts to find other secrets.

Concerns and Counterarguments

While Google's findings highlight a concerning trend, some security researchers, such as Marcus Hutchins, have cautioned against overstating the immediate threat, pointing out that the prompts used might be too simplistic and that the AI doesn't inherently understand evasion techniques. However, Google emphasizes that adversaries are moving beyond simple productivity gains to create tools capable of adjusting their behavior mid-execution and developing purpose-built tools for sale on underground forums.

State-Sponsored Misuse of AI

Beyond malware, state-sponsored actors from China, Iran, and North Korea have been observed misusing Gemini for various tasks, including reconnaissance, phishing lure creation, command-and-control development, and data exfiltration. Some actors have employed social engineering tactics, such as posing as participants in Capture-the-Flag (CTF) exercises or students, to bypass AI safety guardrails and obtain restricted information.

Google has taken action to disable assets associated with PROMPTFLUX and has implemented safeguards in Gemini to prevent such misuse. The company anticipates that threat actors will increasingly rely on AI to boost the speed, scope, and effectiveness of their operations, leading to attacks at scale.
