"Tools like PROMPTFLUX "dynamically generate malicious scripts, obfuscate their own code to evade detection, and leverage AI models to create malicious functions on demand, rather than hard-coding them into the malware," GTIG wrote. According to the tech giant, this new "just-in-time" approach "represents a significant step toward more autonomous and adaptive malware." PROMPTFLUX is a Trojan horse malware that interacts with Google's Gemini AI model's application programming interface (API) to learn how to modify itself to avoid detection on the fly."
"Further examination of PROMPTFLUX samples suggests this code family is currently in a development or testing phase since some incomplete features are commented out and a mechanism exists to limit the malware's Gemini API calls," the group wrote. Fortunately, the exploit has yet to be observed infecting machines in the wild, as the "current state of this malware does not demonstrate an ability to compromise a victim network or device," Google noted. "We have taken action to disable the assets associated with this activity."
Malware developers are building programs that use large language models to rewrite and obfuscate their own code on demand, enabling just-in-time generation of malicious functions. An experimental family called PROMPTFLUX acts as a Trojan that queries Gemini's API to learn how to modify itself to evade detection. Samples show development-stage features, commented-out code, and limits on Gemini API calls. The malware has not been observed infecting devices in the wild and currently lacks demonstrated ability to compromise victim networks. The activity appears linked to financially motivated actors and could lower barriers via an illicit AI tool marketplace.
Read at Futurism
Unable to calculate read time
Collection
[
|
...
]