A Rise in AI-Driven Malware

Researchers observed AI-integrated malware families that query large language models at runtime to generate code, obfuscate payloads, and adapt behavior, with notable families including PROMPTFLUX, PROMPTSTEAL, PROMPTLOCK, FRUITSHELL, and QUIETVAULT. These tools were used for persistence, reconnaissance, data exfiltration, and cross-platform encryption, with APT28 (LAMEHUG) deploying PROMPTSTEAL against Ukrainian targets.

Keypoints

  • PROMPTFLUX is a VBScript dropper that embeds Gemini API keys to request obfuscation code from an LLM, logs responses to %TEMP%\thinking_robot_log.txt, regenerates itself periodically, and spreads to network and removable drives.
  • PROMPTSTEAL, attributed to APT28 (aka LAMEHUG) in campaigns against Ukraine, is a PyInstaller-packaged Python data miner that queries Hugging Face models to generate concise commands for collecting system details and exfiltrating documents.
  • PROMPTLOCK is a Go-based ransomware proof-of-concept that uses LLMs to dynamically produce Lua scripts enabling filesystem traversal, exfiltration, and encryption on Windows and Linux.
  • FRUITSHELL is a PowerShell reverse shell that uses prompts to evade LLM-based analyzers and maintain stealthy command-and-control behavior.
  • QUIETVAULT is a JavaScript stealer targeting GitHub and NPM tokens, enumerating and exfiltrating secrets via local AI CLIs and public repositories while attempting disruptive persistence by modifying shell startup files.
  • Malware families invoke APIs from providers like Gemini and Hugging Face at runtime to rewrite source code, generate one-line reconnaissance commands, or craft platform-specific scripts, enabling dynamic adaptation and evasion.
  • Observed IOCs include numerous file hashes for PromptLock and QuietVault samples; researchers continue monitoring samples via PolySwarm and provide search commands for sample discovery.

MITRE Techniques

  • [T1059] Command and Scripting Interpreter – Malware (PROMPTSTEAL, PROMPTFLUX, FRUITSHELL) generated and executed commands and scripts; “produce one-line Windows commands for reconnaissance and data collection.”
  • [T1105] Ingress Tool Transfer – File download or staging through network shares and removable media by PROMPTFLUX – “spreading to removable media” and copying to networked drives.
  • [T1547] Boot or Logon Autostart Execution – Persistence via Startup folder and shell startup modification by PROMPTFLUX and QUIETVAULT – “persisting via rewritten variants in the Startup folder” and “Modify user shell startup files (~/.bashrc, ~/.zshrc) by appending the line sudo shutdown -h 0.”
  • [T1027] Obfuscated Files or Information – Use of LLMs for self-obfuscation and code rewriting by PROMPTFLUX and evolving PROMPTSTEAL samples – “request obfuscation techniques” and “evolving samples introducing obfuscation.”
  • [T1213] Data from Information Repositories – Collection of Office documents and PDFs by PROMPTSTEAL – “recursive copying of Office documents and PDFs from user folders.”
  • [T1041] Exfiltration Over C2 Channel – Exfiltration of aggregated info and documents to actor-controlled servers by PROMPTSTEAL – “results route to actor-controlled servers.”
  • [T1486] Data Encrypted for Impact – Ransomware encryption routines produced dynamically by PROMPTLOCK using LLM-generated Lua scripts – “dynamically creates Lua scripts for cross-platform encryption.”
  • [T1537] Transfer Data to Cloud Account – QUIETVAULT attempts to create GitHub repositories and upload encoded results using local tokens – “Attempt to create a GitHub repository using a local gh token and upload the encoded results to it.”

Indicators of Compromise

  • [File Hash] PromptLock sample hashes – e24fe0dd0bf8d3943d9c4282f172746af6b0787539b371e6626bdb86605ccd70, 1458b6dc98a878f237bfb3c3f354ea6e12d76e340cefe55d6a1c9c7eb64c9aee, and 5 more hashes.
  • [File Hash] QuietVault sample hash – 8eea1f65e468b515020e3e2854805f1ef5c611342fa23c4b31d8ed3374286a90.
  • [File Path] PROMPTFLUX logging and persistence – %TEMP%\thinking_robot_log.txt (LLM responses logged), Startup folder (regenerated variants persisted).
  • [Model/API] LLM endpoints and models referenced – Gemini API (hard-coded keys in PROMPTFLUX), Hugging Face Qwen2.5-Coder-32B-Instruct model used by PROMPTSTEAL.
  • [Filename/Artifact] PROMPTSTEAL local artifacts – C:\ProgramData\info and info.txt used as aggregation locations for collected system and document data.
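
The file-path indicators above can be turned into a quick host triage check. The following is an added example, not code from the source post or from any vendor tool: the function names and the constructed test tree are hypothetical, the caller supplies the real directories (the user's %TEMP%, C:\ProgramData, the Startup folder, home directories), and the Startup-folder VBScript check is a heuristic lead rather than a confirmed indicator.

```python
import re
import tempfile
from pathlib import Path

# File names and the appended command come from the IoC list above.
PROMPTFLUX_LOG = "thinking_robot_log.txt"
PROMPTSTEAL_STAGE = Path("info") / "info.txt"
RC_FILES = (".bashrc", ".zshrc")
SHUTDOWN_RE = re.compile(r"^\s*sudo\s+shutdown\s+-h\s+0\s*$")


def triage(temp_dir, programdata_dir, startup_dir, home_dirs):
    """Return sorted (family, path, detail) findings for the given directories."""
    findings = []
    log = Path(temp_dir) / PROMPTFLUX_LOG
    if log.is_file():
        findings.append(("PROMPTFLUX", str(log), "LLM response log"))
    # Heuristic lead, not proof: any VBScript in a Startup folder needs review.
    for entry in Path(startup_dir).glob("*"):
        if entry.suffix.lower() == ".vbs":
            findings.append(("PROMPTFLUX", str(entry), "VBScript in Startup folder"))
    stage = Path(programdata_dir) / PROMPTSTEAL_STAGE
    if stage.is_file():
        findings.append(("PROMPTSTEAL", str(stage), "aggregation file"))
    rc_paths = [Path(home) / rc for home in home_dirs for rc in RC_FILES]
    for rc_path in filter(Path.is_file, rc_paths):
        lines = rc_path.read_text(errors="replace").splitlines()
        for n, line in enumerate(lines, 1):
            if SHUTDOWN_RE.match(line):  # commented-out copies do not match
                findings.append(("QUIETVAULT", str(rc_path), f"line {n}: {line.strip()}"))
    return sorted(findings)


def build_constructed_host(root):
    """Create a constructed directory tree (test data, not a real sample)."""
    temp, pdata, startup, home = (Path(root) / d for d in ("Temp", "ProgramData", "Startup", "home"))
    for d in (temp, pdata / "info", startup, home):
        d.mkdir(parents=True)
    (temp / PROMPTFLUX_LOG).write_text("constructed\n")
    (pdata / PROMPTSTEAL_STAGE).write_text("constructed\n")
    (startup / "update.vbs").write_text("' constructed\n")
    (home / ".bashrc").write_text("alias ll='ls -l'\n# sudo shutdown -h 0\n")
    (home / ".zshrc").write_text("export EDITOR=vi\nsudo shutdown -h 0\n")
    return temp, pdata, startup, [home]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*triage(*build_constructed_host(tmp)), sep="\n")
```

A hit on a file name alone is a lead for further analysis; confirm against the published sample hashes before treating the host as compromised.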


Read more: https://blog.polyswarm.io/rise-of-the-ai-enabled-malware