Full Report
Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion. "PROMPTFLUX is written in VBScript and interacts with Gemini's API to request specific VBScript obfuscation and
Analysis Summary
# Threat Actor: Unknown
## Attribution & Identity
* **Identification:** An unknown threat actor discovered by Google Threat Intelligence Group (GTIG).
* **Aliases/Associations:** None explicitly named in relation to PROMPTFLUX. The use of AI tools is noted in connection with a China-nexus actor separately, but this actor is not directly linked to PROMPTFLUX.
## Activity Summary
* The actor is utilizing an experimental Visual Basic Script (VB Script) malware named PROMPTFLUX.
* PROMPTFLUX incorporates a novel component dubbed the "Thinking Robot" which periodically queries the Gemini AI model API (Gemini 1.5 Flash or later) to dynamically rewrite and obfuscate its own source code to evade detection.
* One observed variant rewrote its entire source code every hour using a prompt instructing the LLM to act as an "expert VB Script obfuscator."
* The malware is assessed to be in a development or testing phase, currently lacking mechanisms to fully compromise a victim network or device.
## Tactics, Techniques & Procedures
* **Self-Modification/Metamorphism:** Periodically queries an LLM (Gemini) via API to request new VBScript code specifically designed for obfuscation and antivirus evasion, resulting in "just-in-time" self-modification.
* **Persistence:** Saves the newly obfuscated version to the Windows Startup folder.
* **Lateral Movement/Propagation:** Attempts to copy itself to removable drives and mapped network shares.
* **Logging:** Actively logs AI responses to `%TEMP%\thinking_robot_log.txt`.
* **Obfuscation:** Specifically requests obfuscation techniques from the LLM to sidestep static signature-based detection.
* **MITRE ATT&CK:** Not explicitly referenced in the provided text, but TTPs align conceptually with T1059.003 (Command and Scripting Interpreter: VisualBasic), T1055 (Process Injection - indirect), and T1588 (Obtain Capabilities - acquiring capability via AI augmentation).
## Targeting
* **Sectors:** Broad, geography- and industry-agnostic approach, targeting a wide range of users.
* **Geography:** Not specified.
* **Victims:** Currently noted for testing/development; no specific compromised victims were mentioned.
## Tools & Infrastructure
* **Malware Families Used:** PROMPTFLUX (written in VBScript). Other observed LLM-powered malware mentioned in passing include FRUITSHELL, PROMPTLOCK, PROMPTSTEAL (LAMEHUG), and QUIETVAULT.
* **Infrastructure:** Utilizes the official Gemini AI model API, access is facilitated via a hard-coded API key.
* **Defanged URLs/APIs:** Queries the Gemini API endpoint.
## Implications
* Demonstrates an advanced adoption of Generative AI by threat actors, moving beyond productivity gains to create metamorphic malware capable of adjusting behavior during execution to counter security defenses.
* The use of LLMs for automated, hourly code regeneration poses a significant challenge to static signature detection methods.
## Mitigations
* Implement advanced behavioral monitoring and endpoint detection and response (EDR) to detect malicious script execution and activity patterns (e.g., unexpected API calls from scripts, self-modification).
* Monitor network traffic for unusual outbound connections originating from user-level scripts to external commercial APIs (like the Gemini API).
* Monitor user-level artifacts such as the `%TEMP%` directory for unusual log files generated by scripts (e.g., `thinking_robot_log.txt`).
* Implement strict controls or monitoring around the Windows Startup folder entries created by non-standard processes.