New Malware PROMPTFLUX Uses AI to Evade Detection by Self-Rewriting Code

By Tina Reynolds

Google’s Threat Intelligence Group (GTIG) has revealed a sophisticated malware named PROMPTFLUX that uses advanced large language model (LLM) technology to regenerate its code every hour. The technique relies on Gemini 1.5 Flash or newer. This means that the malware is able to slip under the radar of antivirus programs. As cyber threats continue to advance, the potential for AI to be put to malicious use becomes especially alarming.

PROMPTFLUX features a novel self-obfuscation technique. It uses prompts that instruct the LLM to behave like an “expert VB Script obfuscator.” This allows the malware to completely change its own source code on an hourly basis, which makes it significantly more difficult for cybersecurity defenses to catch. The malware is classified as a “Thinking Robot”: a proactive, persistent attacker that continuously queries the LLM for new code that changes frequently and reshapes the threat landscape.

Mechanisms of Operation

The main goal of PROMPTFLUX is to take advantage of compromised endpoints while ensuring persistence on infected hosts. Once PROMPTFLUX gets new code from the LLM, it saves the obfuscated code into the Windows Startup folder. This tactic guarantees that the malware continues to operate after a system reboot.
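Because each rewrite changes the file hash, a defender can key on the behavior described above instead: a script file in a Startup folder whose content keeps changing. The following is an added example, not code from GTIG or this article; the event tuple format, the thresholds, and all paths and hashes are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Per-user and all-users Windows Startup folders, matched case-insensitively.
STARTUP_RE = re.compile(
    r"\\(appdata\\roaming|programdata)\\microsoft\\windows"
    r"\\start menu\\programs\\startup\\[^\\]+$", re.IGNORECASE)
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")

U = r"C:\Users\alice"  # constructed user profile
S = U + r"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
# Constructed file-write events: (timestamp, target path, content hash).
EVENTS = [
    ("2025-01-01T09:00:00", S + r"\helper.vbs", "hash-a"),
    ("2025-01-01T09:05:00", S + r"\Sync.lnk", "hash-l"),   # shortcut, ignored
    ("2025-01-01T10:00:00", S + r"\helper.vbs", "hash-b"),
    ("2025-01-01T10:30:00", S + r"\logon.vbs", "hash-x"),
    ("2025-01-01T11:00:00", S + r"\helper.vbs", "hash-c"),
    ("2025-01-01T11:30:00", S + r"\logon.vbs", "hash-x"),  # same content again
    ("2025-01-01T12:00:00", U + r"\Documents\build.vbs", "hash-1"),
    ("2025-01-01T13:00:00", U + r"\Documents\build.vbs", "hash-2"),
    ("2025-01-01T14:00:00", U + r"\Documents\build.vbs", "hash-3"),
]

def rewritten_startup_scripts(events, min_versions=3, window=timedelta(hours=6)):
    """Map each Startup-folder script to its distinct content hashes when at
    least min_versions different versions were written within the window."""
    writes = defaultdict(list)
    for ts, path, digest in events:
        if STARTUP_RE.search(path) and path.lower().endswith(SCRIPT_EXTS):
            writes[path.lower()].append((datetime.fromisoformat(ts), digest))
    alerts = {}
    for path, seen in writes.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            versions = []
            for ts, digest in seen[i:]:
                if ts - start > window:
                    break
                if digest not in versions:
                    versions.append(digest)
            if len(versions) >= min_versions:
                alerts[path] = versions
                break
    return alerts

if __name__ == "__main__":
    for path, versions in rewritten_startup_scripts(EVENTS).items():
        print(f"ALERT {path}: {len(versions)} versions {versions}")
```

Only `helper.vbs` is flagged: the script rewritten with identical content and the changing script outside the Startup folder both pass.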

Beyond persistence, PROMPTFLUX attempts to propagate by copying its code onto removable drives and mapped network shares. This propagation strategy is similar to methods used in earlier campaigns such as GhostCall. It’s a reminder that threat actors will never stop adapting their tactics.

“The actor appeared to learn from this interaction and used the CTF pretext in support of phishing, exploitation, and web shell development.” – Google

The threat actor known as PROMPTFLUX boasted that they were a player in a recent capture-the-flag (CTF) event and took advantage of this context to hone their prompts. This approach let them get around guardrails, gaming the AI system into providing helpful data that could be used for harmful purposes.

Challenges in Detection

Code regeneration with the help of LLMs poses several security risks that many security experts have repeatedly warned about. The malware works on the premise that it can avoid antivirus detection just by being dynamic. Cybersecurity researcher Hutchins noted that the malware is “working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t).”

Hutchins further highlighted that there is “no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works.” This indicates that although PROMPTFLUX is intended to adapt in real time, it may not perform as well as planned.

Moreover, the growing availability of sophisticated AI models creates a lucrative landscape for prompt injection attacks. Cybersecurity analysts warn that “the low-cost, high-reward nature of these attacks makes them an attractive option” for threat actors looking to exploit vulnerabilities.

Broader Implications

The launch of PROMPTFLUX highlights a recent trend in cybersecurity where advanced AI-powered technologies are being weaponized and used for malicious purposes. As companies adopt these AI models more and more, the risk of malicious use continues to increase. Google emphasizes that this trend creates “perfect conditions for prompt injection attacks.”

Policy implications go far beyond any single funded tech transfer; they have the power to reshape our entire cybersecurity ecosystem. Just as threat actors are constantly perfecting their tactics, so too must our security measures be agile and proactive. Given today’s fast-paced threat landscape, it is ever more important to build greater detection and response capabilities.