PROMPTFLUX: Google Uncovers First AI Malware That Rewrites Its Code Hourly Using Gemini

By Imthiyaz Ali
PROMPTFLUX: Google Uncovers First AI Malware That Rewrites Its Code Hourly Using Gemini

[CITY] — The cybersecurity landscape has been fundamentally altered following a startling new discovery by the Google Threat Intelligence Group (GTIG). In a recent report, Google unveiled an experimental, yet highly adaptive, malware family dubbed PROMPTFLUX, which utilizes the company's own Gemini Large Language Model (LLM) API to rewrite its source code continuously, potentially on an hourly basis.

This is the first known instance of malware actively leveraging a major commercial AI model during its execution to achieve **"just-in-time" self-modification**, marking a critical transition from cyber threat actors merely using AI for productivity (e.g., writing phishing emails) to deploying it as an integrated, operational component of the attack itself.

The 'Thinking Robot' and Hourly Mutation

PROMPTFLUX is a dropper written in **Visual Basic Script (VBScript)**, a language still widely used in legacy systems. The heart of the malware is a component that GTIG researchers have called the "Thinking Robot" module.

  • AI Interaction: The module periodically initiates a POST request to the **Gemini 1.5 Flash or later API endpoint** using a hard-coded API key.
  • The Prompt: The instruction sent to the LLM is highly specific and machine-parsable, directing the model to **"Act as an expert VBScript obfuscator"** and requesting new code for **obfuscation and evasion techniques**.
  • The Goal: The objective is to create a metamorphic script that can evolve its digital signature constantly. By rewriting its entire source code every sixty minutes, the malware seeks to evade signature-based antivirus and traditional security tools that rely on identifying known code patterns.

GTIG Assessment: While the self-modification function was commented out in some initial samples, proving the malware is still in a **development or testing phase**, its presence and the active logging of AI responses strongly indicate the author's intent to create a highly autonomous and elusive threat.

The Critical Evasion Threat

The primary danger posed by PROMPTFLUX is not its initial payload, but its potential to render established defensive security measures obsolete.

Traditional Detection Method PROMPTFLUX Evasion Technique
Static Signature Detection (File Hashes) Rewrites its entire code hourly, ensuring the file hash is constantly new and unknown to signature databases.
Hard-Coded Command Logic (IOCs) Relies on a live connection to an external LLM to generate "just-in-time" code for evasion, meaning the malicious logic is never fully static or hard-coded.

In addition to its novel evasion method, the malware attempts to establish persistence by saving its newly generated, obfuscated version to the Windows Startup folder and aims to propagate across networks by copying itself to mapped network shares and removable drives.

The Future of AI-Enabled Cybercrime

PROMPTFLUX is not an isolated incident. The GTIG report, AI Threat Tracker: Advances in Threat Actor Usage of AI Tools, also highlighted other AI-enabled threats:

  • PROMPTSTEAL: A data-miner malware linked to the Russian-backed threat group APT28, which queries external LLMs to dynamically generate Windows commands for data collection and exfiltration.
  • Bypassing Guardrails: Threat actors are increasingly using social engineering tactics in their prompts—such as posing as "cybersecurity students" or "CTF participants"—to trick LLMs into providing restricted or malicious code.
  • Maturity of the Illicit Market: The underground cybercrime market is rapidly maturing, now offering subscription-based, unrestricted AI tools for deepfake creation, phishing, and malware development.

The Call for a New Defensive Posture

While Google confirmed it has taken action to disable the projects and accounts associated with this activity and is reinforcing its platform safety, the discovery of PROMPTFLUX is a clear warning to the global security community.

"We are now entering a new operational phase of AI abuse. Defenses must shift away from simply identifying static files toward comprehensive behavioral analysis," states a senior analyst at [Your News Outlet Name]. "The focus must be on detecting suspicious actions—such as VBScript processes making external AI API calls or dynamically writing to system directories—not just known file hashes."

The development of PROMPTFLUX signals a new "AI arms race" where defensive strategies must rapidly adapt to counter continuously mutating, LLM-enabled threats.

Imthiyaz Ali
Imthiyaz Ali
Imtiyaz is an experienced Cybersecurity Professional with over 5 years of experience in Cybersecurity Research.