
Google Discovers PROMPTFLUX Malware Utilizing Gemini AI for Hourly Code Rewrites

Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

Google’s Threat Intelligence Group (GTIG) revealed the discovery of the PROMPTFLUX malware, which uses an experimental Visual Basic Script (VBScript) that interacts with the Gemini AI model API to modify and obfuscate itself. The malware is designed to evade detection through “just-in-time” code modification. PROMPTFLUX can regenerate its source code and establish persistence by saving obfuscated versions of itself in the Windows Startup folder. It is still under development and currently lacks the capability to compromise networks.

GTIG highlighted several variants exploiting AI tools, including FRUITSHELL and PROMPTLOCK, showcasing a trend in which threat actors use AI for sophisticated operations such as phishing, reconnaissance, and data exfiltration. Furthermore, state-sponsored actors from China, Iran, and North Korea are using Gemini to craft phishing lures, conduct research, and develop custom malware. GTIG warns that AI-driven threats will increase as powerful AI models become more accessible.
