The Google Threat Intelligence Group (GTIG) has reported a significant shift in cyberattacks: threat actors are no longer using artificial intelligence only to speed up their own work; they are now building malware that calls an AI model at runtime to generate or rewrite its own code.
According to GTIG’s latest report, this new phase marks the first active use of “just-in-time” AI in cyber operations. The group found that both state-sponsored and financially motivated attackers are experimenting with AI tools, including Google’s own Gemini and open models such as those hosted on Hugging Face, to enhance every stage of their campaigns, from reconnaissance to data theft.
AI Enters Active Cyber Operations
GTIG identified several malware families that use large language models (LLMs) during their execution to dynamically rewrite or generate code. The most notable examples include PROMPTFLUX, PROMPTSTEAL, and QUIETVAULT, each representing a different function in the attack lifecycle.
- PROMPTFLUX, written in VBScript, connects to Google’s Gemini API to rewrite its own source code every hour to evade antivirus systems. GTIG found that the malware could prompt the model to act as an “expert VBScript obfuscator”, ensuring each regenerated version stayed functional while remaining undetected.
- PROMPTSTEAL, linked to Russia-backed APT28 (also known as FROZENLAKE), uses the Hugging Face API to query the Qwen2.5-Coder-32B-Instruct model. It asks the AI to generate one-line Windows commands that collect system information and copy documents before exfiltrating the data.
- QUIETVAULT targets GitHub and NPM credentials and uses on-device AI command-line tools to search for other sensitive data, uploading stolen material to GitHub repositories.
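The behaviour shared by the three families above (a script that calls a hosted LLM API while it runs, asks the model to obfuscate or generate code, and, in PROMPTFLUX's case, overwrites its own file) is something a defender can triage statically. The following scanner is an added illustration and is not code from GTIG, Google, or the report. The API hostnames are taken from the public Gemini and Hugging Face API documentation, not from the report, and are assumptions about what such a script would contact; the prompt fragments and VBScript idioms are likewise assumptions modelled on the description above. Both sample scripts are constructed, inert stubs, not real samples.

```python
"""Heuristic triage for scripts that call an LLM API at runtime.

Added example, not GTIG's or Google's tooling. The indicator strings below
(API hostnames, prompt fragments, self-write idioms) are assumptions drawn
from public API documentation and the behaviour the report describes; they
are not indicators published in the report.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Hosted LLM inference endpoints a script has no business calling unattended.
# Assumption: public API hosts, not IOCs from the report.
LLM_API_HOSTS = (
    "generativelanguage.googleapis.com",  # Gemini API
    "api-inference.huggingface.co",       # Hugging Face Inference API (older host)
    "router.huggingface.co",              # Hugging Face Inference API (current host)
)

# Prompt fragments that ask a model to transform or emit code.
PROMPT_FRAGMENTS = (
    r"obfuscat",
    r"rewrite\s+(?:the\s+)?(?:following\s+)?(?:code|script)",
    r"one[-\s]?line\s+(?:windows\s+)?command",
)

# VBScript idioms for a script locating and overwriting its own file.
# Both must appear for the rule to fire; either alone is common in benign scripts.
SELF_WRITE_IDIOMS = (
    r"WScript\.ScriptFullName",
    r"CreateTextFile|OpenTextFile",
)


@dataclass
class Finding:
    rule: str
    evidence: str


def scan_script(text: str) -> list[Finding]:
    """Return every indicator matched in the script text."""
    findings: list[Finding] = []
    lower = text.lower()
    for host in LLM_API_HOSTS:
        if host in lower:
            findings.append(Finding("llm_api_host", host))
    for pat in PROMPT_FRAGMENTS:
        m = re.search(pat, text, re.IGNORECASE)
        if m:
            findings.append(Finding("code_gen_prompt", m.group(0)))
    if all(re.search(p, text, re.IGNORECASE) for p in SELF_WRITE_IDIOMS):
        findings.append(Finding("self_rewrite", "reads own path and writes a file"))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Combine findings: an LLM call alone is worth a look; combined with
    code-generation prompts or self-modification it is the pattern above."""
    rules = {f.rule for f in findings}
    if "llm_api_host" in rules and ({"code_gen_prompt", "self_rewrite"} & rules):
        return "suspicious"
    if "llm_api_host" in rules:
        return "review"
    return "clean"


# Constructed sample mirroring the described behaviour. It never sends a
# request and never writes anything; it only carries the strings a scanner sees.
SAMPLE_SUSPICIOUS = r'''
' constructed stub, not a real sample
Set http = CreateObject("MSXML2.XMLHTTP")
url = "https://generativelanguage.googleapis.com/v1beta/models/"
prompt = "Act as an expert VBScript obfuscator. Rewrite the following script."
Set fso = CreateObject("Scripting.FileSystemObject")
Set out = fso.CreateTextFile(WScript.ScriptFullName, True)
'''

# Constructed benign script: writes a log file, no network, no self-reference.
SAMPLE_BENIGN = r'''
Set fso = CreateObject("Scripting.FileSystemObject")
Set log = fso.CreateTextFile("C:\temp\run.log", True)
log.WriteLine "backup finished"
'''


def triage(text: str) -> str:
    return verdict(scan_script(text))


if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, "->", triage(sample))
        for f in scan_script(sample):
            print("   ", f.rule, ":", f.evidence)
```

A static scan like this only catches the first generation of a self-rewriting script; once a model has rewritten it, the prompt and host strings may be encoded. The durable signal is behavioural: a script host (wscript.exe, cscript.exe, powershell.exe) opening outbound TLS to an LLM inference endpoint is rare in most environments and is cheap to alert on at the proxy or EDR layer.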
Google said some of these tools, such as PROMPTFLUX, are still in testing phases, but others, like PROMPTSTEAL, have already been used in live operations.
Threat Actors Bypassing AI Safeguards
The report also describes how attackers are using social engineering techniques in prompts to manipulate AI models into providing restricted information. For instance, GTIG found that Chinese and Iranian state-backed hackers posed as students or researchers to convince Gemini to help them with malicious code.
In one case, a China-linked group reframed their prompt by claiming to be part of a “capture-the-flag” cybersecurity competition, a legitimate hacking exercise. When presented as a CTF scenario, Gemini responded with technical details that could aid real-world exploitation.
Another example involved the Iranian group TEMP.Zagros (MuddyWater), which pretended to be university students or authors "writing a paper" to bypass AI safety filters. In one prompt, the group inadvertently disclosed operational details, including its command-and-control (C2) server and an encryption key, which allowed Google to disrupt the campaign.
Google said it took action to disable assets linked to these actors and…