Overview
- Google says Russia-linked APT28 used PromptSteal against Ukrainian targets, querying Hugging Face–hosted models to generate one-line commands and exfiltrate data.
- Researchers also identified PromptFlux, an experimental VBScript dropper whose “Thinking Robot” module asks Gemini to obfuscate and rewrite its own source code, including variants that attempt hourly regeneration.
- GTIG assesses most AI-enabled samples as nascent, noting PromptFlux currently lacks the ability to compromise devices and that associated Gemini API access and accounts were disabled.
- Other AI-involved tools detailed in the report include QuietVault for GitHub/NPM credential theft, FruitShell as a PowerShell reverse shell with prompts to bypass LLM analysis, and PromptLock as an academic proof of concept.
- Google further observed China-, Iran-, and North Korea–linked actors abusing Gemini for phishing, reconnaissance, code development and data-mining, and it highlighted a growing underground market selling malicious AI capabilities.