Oleksandr Kuzmenko, AI Eng
10 November 2025, 08:15
Hackers from Russia used malicious software against Ukraine that uses AI to rewrite its code "on the fly"
The Google Threat Intelligence Group (GTIG) has discovered a new type of AI-based malware that uses large language models to dynamically generate malicious scripts and evade detection.
This is stated in the GTIG report, which identifies two groups that use the so-called «just-in-time AI» — PromptFlux and PromptSteal.
«These tools dynamically generate malicious scripts, obfuscate their own code to avoid detection, and use artificial intelligence models to create malicious functions on demand, rather than hard-coding them into the malware,» the researchers explain.
According to them, this is a significant step towards «autonomous and adaptive» malware.
PromptFlux is a dropper written in VBScript that is «regenerated» using Google’s Gemini API. It prompts the LLM to rewrite its own source code «on the fly» and then saves the modified version to the Startup folder so that it persists. The malware also attempts to spread by copying itself to removable drives and connected network shares, GTIG notes.
PromptSteal is a Python data theft program that uses the LLM Qwen2.5-Coder-32B-Instruct to generate one-line Windows commands. This allows it to retrieve information and documents in specific folders and send the data to a command and control (C2) server.
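The two behaviours described above (a script that re-writes itself and persists from the Startup folder, and a script interpreter that calls a hosted LLM API to obtain its next commands) are both visible in ordinary endpoint telemetry. The following is an added detection example written for this article; it is not code from GTIG, CERT-UA or the report, and the log format, the list of LLM API hostnames, the file paths and the sample events are all assumptions constructed for the example. It flags a script host launched from a Startup folder and a script host opening a connection to an LLM API endpoint in Sysmon-style JSON events.

```python
"""Added detection example (not from GTIG or the article): flag a script host
running from the Startup folder, and a script interpreter contacting a hosted
LLM API, in Sysmon-style process-creation (EventID 1) and network (EventID 3)
events. Hostnames, paths and sample events are constructed for the example."""
import json
from dataclasses import dataclass
from typing import List, Optional

# Interpreters the described tools run under: VBScript under wscript/cscript,
# the Python stealer under python. Extend per environment.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "python.exe", "pythonw.exe"}

# Hosts that serve hosted-LLM APIs. This list is an assumption for the example
# and must be tuned; a browser or a sanctioned app talking to these is normal,
# a script host doing so usually is not.
LLM_API_HOSTS = {
    "generativelanguage.googleapis.com",  # Gemini API
    "api-inference.huggingface.co",       # hosted open-weight models
}

# Case-insensitive marker for both the per-user and the all-users Startup folder.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


@dataclass
class Finding:
    rule: str
    host: str
    detail: str


def _is_script_host(image: str) -> bool:
    return image.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS


def check_process(ev: dict) -> Optional[Finding]:
    """EventID 1: a script host started with a script located in a Startup folder."""
    if ev.get("EventID") != 1 or not _is_script_host(ev.get("Image", "")):
        return None
    if STARTUP_MARKER in ev.get("CommandLine", "").lower():
        return Finding("script_host_from_startup", ev["Computer"], ev["CommandLine"])
    return None


def check_network(ev: dict) -> Optional[Finding]:
    """EventID 3: a script host opening a connection to a hosted LLM API."""
    if ev.get("EventID") != 3 or not _is_script_host(ev.get("Image", "")):
        return None
    dest = ev.get("DestinationHostname", "").lower()
    if dest in LLM_API_HOSTS:
        return Finding("script_host_to_llm_api", ev["Computer"], f"{ev['Image']} -> {dest}")
    return None


def detect(lines: List[str]) -> List[Finding]:
    """Run both checks over newline-delimited JSON events and collect findings."""
    findings: List[Finding] = []
    for line in lines:
        ev = json.loads(line)
        for check in (check_process, check_network):
            hit = check(ev)
            if hit is not None:
                findings.append(hit)
    return findings


# Constructed sample telemetry: two suspicious events on WS01, two benign on WS02.
SAMPLE_LOG = [
    json.dumps({"EventID": 1, "Computer": "WS01",
                "Image": "C:\\Windows\\System32\\wscript.exe",
                "CommandLine": "wscript.exe \"C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows"
                               "\\Start Menu\\Programs\\Startup\\update.vbs\""}),
    json.dumps({"EventID": 3, "Computer": "WS01",
                "Image": "C:\\Windows\\System32\\wscript.exe",
                "DestinationHostname": "generativelanguage.googleapis.com", "DestinationPort": 443}),
    json.dumps({"EventID": 1, "Computer": "WS02",
                "Image": "C:\\Windows\\explorer.exe", "CommandLine": "explorer.exe"}),
    json.dumps({"EventID": 3, "Computer": "WS02",
                "Image": "C:\\Program Files\\Firefox\\firefox.exe",
                "DestinationHostname": "generativelanguage.googleapis.com", "DestinationPort": 443}),
]

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f.rule, f.host, f.detail)
```

Both rules are deliberately narrow: on their own, a script in Startup or a connection to an LLM API is not proof of compromise, but a script host doing either is rare enough on a managed workstation that the two findings together are worth an analyst's attention, and the same logic translates directly into a SIEM query.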
GTIG reported that it observed the use of PromptSteal in Ukraine by the Russian hacking group FROZENLAKE (also tracked as APT28), while PromptFlux is still in development.
Previously, the Ukrainian Cyber Incident Response Team CERT-UA reported that the hacker group UAC-0001 (APT28) is controlled by Russian special services. In the summer of 2025, it was responsible for 110 recorded cyberattacks on state bodies.
CERT-UA noted that these Russian hackers were behind the distribution of emails to Ukrainian officials with an attachment in the form of a file «Dodatok.pdf.zip.» It contained the LAMEHUG malware, which used LLM Qwen 2.5-Coder-32B-Instruct to steal data.