For the first time, state-sponsored hackers have deployed malware that uses a large language model during execution, allowing them to dynamically generate malicious scripts and evade detection, according to new research.
Cybersecurity experts have observed hackers using AI in recent years for purposes such as increasing the number of victims, but researchers at Google announced Wednesday that they recently observed malware that “leverages AI capabilities to dynamically change the malware’s behavior during execution.”
This trend should be considered “an important step toward more autonomous and adaptive malware,” the report said.
In June, researchers discovered experimental dropper malware, tracked as PROMPTFLUX, that prompted an LLM to rewrite its own source code to evade detection.
According to the report, PROMPTFLUX, which Google said it had disrupted, appears to be in the testing phase and does not have the ability to compromise victims’ networks or devices.
Another new piece of malware, tracked as PROMPTSTEAL, was used by Russia-linked APT28 (also known as BlueDelta, Fancy Bear, and FROZENLAKE) against targets in Ukraine in June, leveraging an LLM to generate commands rather than hard-coding them into the malware. The incident marked Google’s “first observation of malware querying an LLM deployed in production,” according to the report.
The researchers called these techniques experimental, but said they show how threats are changing and how threat actors “may incorporate AI capabilities into future intrusion efforts.”
“Threat actors are going beyond the norms observed in 2024 by ‘vibecoding’ and using AI tools for technical support,” the report said.
The market for “purpose-built” AI tools to facilitate criminal activity is growing, the report added. According to the report, low-level criminals without much technical expertise or funding can now find effective tools in underground forums to increase the complexity and scope of their attacks.
“Many underground forum ads reflected language comparable to traditional marketing for legitimate AI models, asserting the need to improve workflow and labor efficiency while providing guidance to potential customers interested in their services,” the report said.
