PROMPTFLUX VBS malware uses AI model API to rewrite its own code

Google’s Threat Intelligence Group has discovered an experimental Visual Basic Script malware family named ‘PROMPTFLUX’ that utilizes an AI model API to rewrite its own code, apparently to avoid detection.

GTIG said PROMPTFLUX is written in VBScript and uses a hard-coded API key to query Google’s Gemini model (Gemini 1.5 Flash or later) with highly specific, machine-parsable prompts that request obfuscation and evasion techniques and instruct the model to return code only, so the script can periodically replace itself with a newly obfuscated version.

The malware’s “Thinking Robot” component repeatedly queries the LLM to obtain new VBScript variants, logs AI responses to “%TEMP%\thinking_robot_log.txt,” and writes regenerated copies to the Windows Startup folder to maintain persistence.

Although a self-update mechanism in the sample (AttemptToUpdateSelf) was commented out, GTIG says its presence and the active logging indicate the author’s intent to create a metamorphic, self-modifying threat; one observed variation even instructed the model hourly to act as an “expert VB Script obfuscator” and rewrite the entire source.
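A defender-side hunt for the traits described above, added here as an example and not code from GTIG’s report: it inspects VBScript in a Startup folder and flags files that reference the Gemini API host with an embedded key together with the log file name, an obfuscation prompt or self-rewriting calls. The hostname, regexes and sample scripts are assumptions constructed for this example, not published detection rules.

```python
from __future__ import annotations
import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Heuristic indicators derived from the behaviour the article describes.
# The regexes and the API hostname are assumptions of this example.
INDICATORS = {
    "llm_api_host": re.compile(r"generativelanguage\.googleapis\.com", re.I),
    "hardcoded_api_key": re.compile(r"[?&]key=[A-Za-z0-9_\-]{20,}", re.I),
    "thinking_robot_log": re.compile(r"thinking_robot_log\.txt", re.I),
    "obfuscation_prompt": re.compile(r"obfuscat\w*|return\s+(?:only\s+)?code", re.I),
    "self_rewrite": re.compile(r"WScript\.ScriptFullName|CreateTextFile", re.I),
}

@dataclass
class Finding:
    path: str
    indicators: list[str] = field(default_factory=list)

def inspect_script(path: Path) -> Finding | None:
    """Flag a script that calls an LLM API and shows at least one other
    PROMPTFLUX-style trait; return None for scripts that look benign."""
    text = path.read_text(errors="ignore")
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    if "llm_api_host" in hits and len(hits) >= 2:
        return Finding(str(path), hits)
    return None

def scan_startup(folder: Path) -> list[Finding]:
    """Inspect every .vbs in a Startup folder (pass the real folder on Windows)."""
    return [f for p in sorted(folder.glob("*.vbs")) if (f := inspect_script(p))]

def build_demo() -> Path:
    """Constructed fixtures: a benign backup script and a lookalike carrying the
    article's indicators as plain strings (placeholder key, no working API call)."""
    root = Path(tempfile.mkdtemp())
    (root / "backup.vbs").write_text(
        'Set fso = CreateObject("Scripting.FileSystemObject")\n'
        'fso.CopyFile "C:\\data\\notes.txt", "D:\\backup\\"\n')
    (root / "update.vbs").write_text(
        'url = "https://generativelanguage.googleapis.com/v1beta/ENDPOINT?key=PLACEHOLDER_KEY_0000000000"\n'
        'prompt = "Act as an expert VB Script obfuscator. Return code only."\n'
        'logPath = tmp & "\\thinking_robot_log.txt"\n'
        'self = WScript.ScriptFullName\n')
    return root

if __name__ == "__main__":
    for f in scan_startup(build_demo()):
        print(f.path, "->", ", ".join(f.indicators))
```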

PROMPTFLUX also attempts basic propagation by copying itself to removable drives and mapped network shares. Google assessed the malware as still in development or testing and not currently capable of compromising victim environments. The company believes a financially motivated actor is behind the samples, targeting users across geographies and industries rather than a narrow set of victims.

GTIG warned the observed case is part of a broader trend in which adversaries use large language models not simply for productivity but to generate, adapt, and sell purpose-built offensive tools.

Google’s report mentions other LLM-assisted strains the researchers observed, including FRUITSHELL, PROMPTLOCK, PROMPTSTEAL (aka LAMEHUG), and QUIETVAULT, as well as separate activity where a China-nexus actor abused Gemini to create lure content, infrastructure and exploitation tooling by disguising prompts as capture-the-flag exercises to persuade Gemini to provide information that would otherwise be blocked.

The report also noted UNC1069’s use of deepfake images and videos to distribute a backdoor called BIGMACHO under the guise of a Zoom SDK.
