Google sounds alarm on self-modifying AI malware

Google’s Threat Intelligence Group (GTIG) warned of a new generation of malware that uses AI during execution to mutate, adapt, and collect data in real time, helping it evade detection more effectively.

For the first time, GTIG has identified malware families, such as PROMPTFLUX and PROMPTSTEAL, that use Large Language Models (LLMs) during execution. These tools dynamically generate malicious scripts, obfuscate their own code to evade detection, and leverage AI models to create malicious functions on demand, rather than hard-coding them into the malware.

Google documented early, experimental malware that directly leverages large language models to adapt and evade detection. PROMPTFLUX, a VBScript dropper found in June 2025, queries Gemini to request VBScript obfuscation and evasion code and logs the AI responses. It contains a ‘Thinking Robot’ module that aims to fetch new evasive code just-in-time. Its full self-update routine appears to be under development, and some features remain commented out. Variants instruct Gemini to act as an ‘expert VBScript obfuscator’ and rewrite the script hourly, embedding API keys and self-regeneration logic to create recursive metamorphism. Although PROMPTFLUX shows proof-of-concept capabilities rather than active network compromise, Google disabled associated assets and strengthened model protections.

Separately, GTIG observed APT28 using PROMPTSTEAL (aka LAMEHUG), a data miner that queries an LLM (Qwen2.5-Coder) via Hugging Face during live operations to generate system- and file-collection commands on the fly. PROMPTSTEAL likely uses stolen API tokens and blindly executes the LLM-generated commands to harvest documents and system info before exfiltration.

‘PROMPTSTEAL likely uses stolen API tokens to query the Hugging Face API. The prompt specifically asks the LLM to output commands to generate system information and also to copy documents to a specified directory,’ reads the report published by Google. ‘The output from these commands are then blindly executed locally by PROMPTSTEAL before the output is exfiltrated. Our analysis indicates continued development of this malware, with new samples adding obfuscation and changing the C2 method.’
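
A defender-side hunt for the runtime behaviour described above, as an added example that is not taken from the GTIG report or the original post: it flags script hosts that look up LLM API hostnames and groups the hits per machine and process. The event schema, the hostname list and the script-host list are assumptions, and the log lines are constructed.

```python
import json
from collections import defaultdict
from ntpath import basename  # splits Windows paths on any OS

# Assumption: public API hostnames of the two services named in the report.
LLM_API_HOSTS = ("generativelanguage.googleapis.com", "api-inference.huggingface.co")
# Assumption: script hosts that rarely have a business reason to call an LLM API.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

# Constructed DNS-query events, one JSON object per line (hypothetical schema).
SAMPLE_LOG = r"""
{"ts":"2025-06-10T09:00:02Z","host":"WS-014","image":"C:\\Windows\\System32\\wscript.exe","query":"generativelanguage.googleapis.com"}
{"ts":"2025-06-10T09:12:44Z","host":"WS-014","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","query":"generativelanguage.googleapis.com"}
{"ts":"2025-06-10T09:30:10Z","host":"WS-014","image":"C:\\Windows\\System32\\wscript.exe","query":"www.example.com"}
{"ts":"2025-06-10T10:00:03Z","host":"WS-014","image":"C:\\Windows\\System32\\wscript.exe","query":"generativelanguage.googleapis.com"}
{"ts":"2025-06-10T11:15:40Z","host":"WS-022","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","query":"API-Inference.HuggingFace.co."}
truncated-record
"""


def is_llm_api(name):
    """True if name is one of LLM_API_HOSTS or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in LLM_API_HOSTS)


def find_script_llm_lookups(log_text):
    """Return {(host, process): [timestamps]} for script hosts querying LLM APIs."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            proc = basename(ev["image"]).lower()
            query = ev["query"]
            flagged = proc in SCRIPT_HOSTS and is_llm_api(query)
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # blank or malformed record
        if flagged:
            hits[(ev.get("host", "?"), proc)].append(ev.get("ts", ""))
    return {key: sorted(times) for key, times in hits.items()}


if __name__ == "__main__":
    for (host, proc), times in find_script_llm_lookups(SAMPLE_LOG).items():
        print(f"{host} {proc}: {len(times)} lookup(s), first {times[0]}, last {times[-1]}")
```

A compiled sample would not match the process-name list, so the same destination match is worth running without the process filter once you have baselined which applications normally reach these APIs.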

This post is licensed under CC BY 4.0 by the author.