Overview
- GTIG identified PromptFlux, an experimental VBScript dropper that queries Gemini via a “Thinking Robot” module to obfuscate and periodically rewrite its own code; Google revoked its Gemini access and removed related assets.
- Google observed PromptSteal used by Russia-linked APT28 against Ukrainian targets, with the Python tool querying an LLM on Hugging Face to generate one-line Windows commands during live operations.
- Additional AI-enabled families include FruitShell, a PowerShell reverse shell with prompts to evade LLM-based analysis; QuietVault, a JavaScript credential stealer that hunts GitHub/NPM tokens using on-host AI tools; and PromptLock, a Go-based ransomware proof of concept.
- Google detailed broader misuse of Gemini by state actors from China, Iran, and North Korea, including UNC1069 activity tied to crypto theft efforts such as wallet data probing and multilingual phishing script creation.
- Researchers stress that most observed samples are early-stage or detectable, yet warn of a fast-developing illicit market for AI cyber tools and urge behavioral detection, LLM API monitoring, and stricter account controls.
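
One way to implement the LLM API monitoring urged in the last point, as an added example that is not from Google's report: it flags script interpreters that connect to LLM API hosts in process-network telemetry. The event format, the hostnames, the interpreter list and the allowlist are assumptions, and the sample events are constructed.

```python
import json

# Assumed API hostnames (not listed on the page); extend for your environment.
LLM_API_HOSTS = {"generativelanguage.googleapis.com", "api-inference.huggingface.co"}
# Interpreters for the script types named above (VBScript, PowerShell, Python, JavaScript).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe",
                "python.exe", "node.exe"}
# Constructed sample telemetry: one JSON process-network event per line.
SAMPLE_EVENTS = r"""
{"host":"WS-014","image":"C:\\Windows\\System32\\wscript.exe","cmdline":"wscript.exe C:\\Users\\a\\AppData\\Local\\Temp\\update.vbs","dest_host":"generativelanguage.googleapis.com"}
{"host":"WS-022","image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe","cmdline":"chrome.exe","dest_host":"generativelanguage.googleapis.com"}
{"host":"DEV-003","image":"C:\\Python312\\python.exe","cmdline":"python.exe D:\\ml\\eval.py","dest_host":"api-inference.huggingface.co"}
{"host":"WS-031","image":"C:\\Python312\\python.exe","cmdline":"python.exe C:\\Users\\b\\Downloads\\gen.py","dest_host":"API-Inference.HuggingFace.co."}
{"host":"WS-014","image":"C:\\Windows\\System32\\wscript.exe","cmdline":"wscript.exe logon.vbs","dest_host":"intranet.example.org"}
not-json-garbage
"""

def is_llm_host(name):
    """Match an LLM API host or any subdomain, ignoring case and a trailing dot."""
    name = name.lower().rstrip(".")
    return any(name == h or name.endswith("." + h) for h in LLM_API_HOSTS)

def find_suspect_llm_calls(lines, allowlist=frozenset()):
    """Return events where a non-allowlisted script interpreter contacts an LLM API."""
    alerts = []
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines rather than abort the scan
        if not isinstance(ev, dict):
            continue
        proc = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if proc not in SCRIPT_HOSTS or not is_llm_host(ev.get("dest_host", "")):
            continue
        if (ev.get("host"), proc) in allowlist:
            continue  # (host, process) pair approved to call LLM APIs
        alerts.append({"host": ev.get("host"), "process": proc,
                       "dest_host": ev["dest_host"], "cmdline": ev.get("cmdline", "")})
    return alerts

if __name__ == "__main__":
    approved = {("DEV-003", "python.exe")}
    for alert in find_suspect_llm_calls(SAMPLE_EVENTS.splitlines(), approved):
        print(alert)
```

The browser event and the allowlisted developer workstation are not reported; only interpreter-to-LLM-API connections from unapproved hosts are.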