Nation-state actors and cybercrime syndicates are leveraging Gemini to create advanced malware, specifically a “Thinking Robot” that can rewrite its own code to elude detection, according to Google Threat Intelligence Group’s latest AI Threat Tracker. Recent findings indicate a shift in tactics: attackers are not just using Gemini for productivity but are also experimenting with AI-enabled malware. For instance, Iran’s APT42 has utilized AI for phishing and recently attempted to develop a “data processing agent” to analyze personally identifiable information (PII) using SQL queries. Google’s report also highlights the emergence of PromptFlux, malware that uses large language models (LLMs) to generate malicious scripts in real time. Notably, Russia’s APT28 has employed a version known as PromptSteal, actively querying LLM APIs for command generation. These developments emphasize an evolving threat landscape where AI capabilities are increasingly integrated into cyber-attacks. Google has since disabled accounts associated with these activities, but the threats remain significant.