{"id":6579,"date":"2025-11-09T14:00:00","date_gmt":"2025-11-09T14:00:00","guid":{"rendered":"https:\/\/musictechohio.online\/site\/malware-using-rewrite-code-avoid-detection\/"},"modified":"2025-11-09T14:00:00","modified_gmt":"2025-11-09T14:00:00","slug":"malware-using-rewrite-code-avoid-detection","status":"publish","type":"post","link":"https:\/\/musictechohio.online\/site\/malware-using-rewrite-code-avoid-detection\/","title":{"rendered":"Malware Is Now Using AI to Rewrite Its Own Code to Avoid Detection"},"content":{"rendered":"<div>\n<p class=\"article-paragraph skip\">Researchers at Google\u2019s Threat Intelligence Group (GTIG) have discovered that hackers are creating malware that can harness the power of large language models (LLMs) to rewrite itself on the fly.<\/p>\n<p class=\"article-paragraph skip\">An experimental malware family dubbed PROMPTFLUX, identified by GTIG in a <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/threat-actor-usage-of-ai-tools\" rel=\"nofollow\">recent blog post<\/a>, can rewrite its own code to avoid detection.<\/p>\n<p class=\"article-paragraph skip\">It\u2019s an escalation that could make future malware far more difficult to detect, further highlighting <a href=\"https:\/\/futurism.com\/artificial-intelligence\/serious-new-hack-openai-ai-browser\">growing cybersecurity concerns<\/a> brought on by the advent and widespread adoption of generative AI.<\/p>\n<p class=\"article-paragraph skip\">Tools like PROMPTFLUX \u201cdynamically generate malicious scripts, obfuscate their own code to evade detection, and leverage AI models to create malicious functions on demand, rather than hard-coding them into the malware,\u201d GTIG wrote.<\/p>\n<p class=\"article-paragraph skip\">According to the tech giant, this new \u201cjust-in-time\u201d approach \u201crepresents a significant step toward more autonomous and adaptive malware.\u201d<\/p>\n<p class=\"article-paragraph skip\">PROMPTFLUX is a Trojan horse malware 
that interacts with Google\u2019s Gemini AI model\u2019s application programming interface (API) to learn how to modify itself to avoid detection on the fly.<\/p>\n<p class=\"article-paragraph skip\">\u201cFurther examination of PROMPTFLUX samples suggests this code family is currently in a development or testing phase since some incomplete features are commented out and a mechanism exists to limit the malware\u2019s Gemini API calls,\u201d the group wrote.<\/p>\n<p class=\"article-paragraph skip\">Fortunately, the malware has yet to be observed infecting machines in the wild, as the \u201ccurrent state of this malware does not demonstrate an ability to compromise a victim network or device,\u201d Google noted. \u201cWe have taken action to disable the assets associated with this activity.\u201d<\/p>\n<p class=\"article-paragraph skip\">Nonetheless, GTIG noted that malware like PROMPTFLUX appears to be \u201cassociated with financially motivated actors.\u201d The team warned of a maturing \u201cunderground marketplace for illicit AI tools,\u201d which could lower the \u201cbarrier to entry for less sophisticated actors.\u201d<\/p>\n<p class=\"article-paragraph skip\">The threat of adversaries leveraging AI tools is very real. According to Google, \u201cState-sponsored actors from North Korea, Iran, and the People\u2019s Republic of China\u201d are already tinkering with AI to enhance their operations.<\/p>\n<p class=\"article-paragraph skip\">In response to the threat, GTIG introduced a new conceptual framework aimed at securing AI systems.<\/p>\n<p class=\"article-paragraph skip\">While generative AI can be used to create almost impossible-to-detect malware, it can be used for good as well. 
For instance, Google recently introduced an AI agent, <a href=\"https:\/\/blog.google\/technology\/safety-security\/cybersecurity-updates-summer-2025\/\" rel=\"nofollow\">dubbed Big Sleep<\/a>, which is designed to use AI to identify security vulnerabilities in software.<\/p>\n<p class=\"article-paragraph skip\">In other words, it\u2019s AI being pitted against AI in a cybersecurity war that\u2019s evolving rapidly.<\/p>\n<p class=\"article-paragraph skip\"><strong>More on AI and cybersecurity:<\/strong> <a href=\"https:\/\/futurism.com\/artificial-intelligence\/serious-new-hack-openai-ai-browser\"><em>Serious New Hack Discovered Against OpenAI\u2019s New AI Browser<\/em><\/a><\/p>\n<p>The post <a href=\"https:\/\/futurism.com\/artificial-intelligence\/malware-using-rewrite-code-avoid-detection\">Malware Is Now Using AI to Rewrite Its Own Code to Avoid Detection<\/a> appeared first on <a href=\"https:\/\/futurism.com\/\">Futurism<\/a>.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Researchers at Google\u2019s Threat Intelligence Group (GTIG) have discovered that hackers are creating malware that can harness the power of large language models (LLMs) to rewrite itself on the 
fly.&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[177,1177,3841,3842],"tags":[],"class_list":["post-6579","post","type-post","status-publish","format-standard","hentry","category-artificial-intelligence","category-cybersecurity","category-ethics","category-future-society"],"_links":{"self":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/posts\/6579","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/comments?post=6579"}],"version-history":[{"count":0,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/posts\/6579\/revisions"}],"wp:attachment":[{"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/media?parent=6579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/categories?post=6579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/musictechohio.online\/site\/wp-json\/wp\/v2\/tags?post=6579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}