A report by Google Threat Intelligence Group has revealed that hackers from North Korea and Russia are using large language models to create and disguise malicious code, including for attacks on crypto wallets

Google has discovered AI-based malware designed to steal cryptocurrencies

07.11.2025 - 08:35


Key points:

  • The PROMPTFLUX and PROMPTSTEAL malware programs use Gemini and Qwen AI models to generate code and conceal attacks.
  • The North Korean group UNC1069 used Gemini to create phishing scripts and search for crypto wallet data.

The Google Threat Intelligence Group (GTIG) has published a report documenting the first use of large language models (LLMs) by malware deployed in live operations. Researchers identified five malware families that use AI to generate, mask, and modify code during execution.

According to the report, attackers are no longer using AI merely to boost productivity: they are building a fundamentally new generation of malware that changes its behavior dynamically while it runs.

PROMPTFLUX and PROMPTSTEAL

One example is the PROMPTFLUX program, written in VBScript. It interacts with the Gemini API and uses it to rewrite its own code to evade antivirus detection. According to GTIG, the program contains a module called "Thinking Robot" that periodically queries the model and receives fresh instructions.

Another tool is PROMPTSTEAL, created by the Russian APT28 group. It uses the Qwen2.5-Coder model via the Hugging Face API to generate Windows commands that collect information about the system and user documents. PROMPTSTEAL masquerades as an image generation application, but in reality executes commands to collect data and send it to the attackers’ server.
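As an added example, not code from the Google report or from either malware family, here is a simple triage heuristic a defender could run over collected scripts: it flags script text that combines an outbound HTTP client, a hosted-LLM API hostname, and either self-rewriting (the PROMPTFLUX pattern) or command execution (the PROMPTSTEAL pattern). The API hostnames and the two sample scripts are constructed assumptions for illustration, not indicators taken from the report.

```python
import re
from dataclasses import dataclass, field

# Assumed hostnames of hosted LLM APIs worth watching for in scripts;
# adjust to the services your environment actually permits.
LLM_API_HOSTS = (
    "generativelanguage.googleapis.com",   # Gemini API
    "api-inference.huggingface.co",        # Hugging Face inference API
)

# Behaviour indicators as regexes over VBScript/JScript text.
NETWORK_OBJECTS = re.compile(r"MSXML2\.(Server)?XMLHTTP|WinHttp\.WinHttpRequest", re.I)
SELF_REFERENCE = re.compile(r"WScript\.ScriptFullName|WScript\.ScriptName", re.I)
FILE_WRITE = re.compile(r"OpenTextFile\s*\([^)]*,\s*2\b|CreateTextFile\s*\(", re.I)
SHELL_EXEC = re.compile(r"WScript\.Shell|\.Exec\s*\(|\.Run\s*\(", re.I)


@dataclass
class Verdict:
    score: int = 0
    hits: list = field(default_factory=list)


def assess_script(text: str) -> Verdict:
    """Score a script body for LLM-assisted self-modification or command generation."""
    hits = []
    if NETWORK_OBJECTS.search(text):
        hits.append("http_client")
    if any(host in text.lower() for host in LLM_API_HOSTS):
        hits.append("llm_api_host")
    # Self-rewrite: the script refers to its own path and opens a file for writing (mode 2).
    if SELF_REFERENCE.search(text) and FILE_WRITE.search(text):
        hits.append("self_rewrite")
    if SHELL_EXEC.search(text):
        hits.append("shell_exec")
    score = len(hits)
    # Strong signal only when an LLM endpoint is combined with rewrite or execution.
    if "llm_api_host" in hits and ("self_rewrite" in hits or "shell_exec" in hits):
        score += 2
    return Verdict(score, hits)


# Constructed, inert samples: a benign logon script and an indicator-bearing fragment.
BENIGN = r"""Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.OpenTextFile("C:\logon\config.ini", 1)
WScript.Echo f.ReadLine"""

SUSPICIOUS = r"""Set http = CreateObject("MSXML2.XMLHTTP")
http.Open "POST", "https://generativelanguage.googleapis.com/...", False
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.OpenTextFile(WScript.ScriptFullName, 2)"""
```

A score of 5 here means every weak indicator fired plus the combined-behaviour bonus; in practice the thresholds should be tuned against your own script corpus.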

Families of malware with AI elements and their functions

Source: Google Report

GTIG notes that both tools are still in the experimental stage, but already demonstrate how AI models can be used to dynamically update malicious code and bypass defenses.

North Korean attacks and cryptocurrency theft

Google also identified activity by the North Korean group UNC1069 (also known as MASAN), which used Gemini for cyberattacks related to cryptocurrency theft. According to the report, the attackers used AI to analyze crypto wallet data, generate phishing scripts, and even create content in different languages, including Spanish, to deceive crypto exchange employees.

Google noted that these campaigns are aimed at financing the North Korean regime through the theft of digital assets. All related accounts have been blocked, and additional anti-abuse measures have been implemented in Gemini models, including stricter API control and filtering of malicious requests.

Underground AI service forums

GTIG has also recorded growth in the underground market for AI tools. Services such as EvilAI, FraudGPT, LoopGPT, and WormGPT are sold on forums, offering the generation of phishing emails, malware, and the automation of cyberattacks.

AI tools on underground forums and their applications

Source: Google Report

Google has warned that the use of LLMs in cyber operations is becoming the new norm. This applies both to state-sponsored groups and to criminal communities that use AI for hacking, phishing, and bypassing security measures.

The company emphasized that most of these malicious tools are still in the testing phase and are not yet capable of directly infecting devices, but the risk is growing rapidly.
