Google Warns of New AI-Powered Malware Capable of Rewriting Its Own Code
BANGKOK – Google’s Threat Intelligence Group has issued a warning about a new generation of malware that uses artificial intelligence to dynamically rewrite its own code during execution, creating a significant challenge for traditional cybersecurity defenses. These AI-powered threats can adapt their behavior in real time to evade detection while systematically harvesting data from compromised systems.
According to researchers, multiple malware families now demonstrate these capabilities. PromptFlux connects to the Google Gemini API to request code-obfuscation techniques before writing modified payloads into system startup folders. PromptSteal utilizes the Hugging Face API to access the Qwen2.5-Coder model, generating PowerShell commands that extract files from sensitive directories. Another variant, QuietVault, employs AI-driven command-line tools to search for authentication tokens from development platforms like NPM and GitHub.
The machines are fighting back.
"Experimental Malware Using Gemini for Self-Modification to Evade Detection" #Cybersecurity #Google https://t.co/ddKyQ1A2vz
— Eddie (@EddieWhoWrites) November 17, 2025
Google characterizes these developments as the beginning of an era of automated, self-modifying malware that can continuously evolve during attacks. The company predicts rapid sophistication of AI-assisted offensive tools as underground markets begin offering AI-based malware and phishing generation services. Security experts recommend organizations enhance behavioral monitoring for suspicious activities and update security controls to address these increasingly adaptive threats.
-Thailand News (TN)
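As an added illustration of the behavioral monitoring recommended above (not code from Google or from this article), the following sketch correlates two behaviors the report describes: a script interpreter contacting an AI model API, followed by a write into a Windows Startup folder. The event format, the script-host list, the 10-minute window and the sample events are assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# API hosts for the two services the article names (extend for your environment).
LLM_API_HOSTS = {"generativelanguage.googleapis.com", "api-inference.huggingface.co"}
# Assumption: script hosts that rarely need to call an LLM API on a workstation.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "python.exe"}
STARTUP_MARKER = r"\start menu\programs\startup"
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample telemetry: (timestamp, host, pid, image, event type, target)
SAMPLE_EVENTS = [
    ("2025-11-17T09:00:05", "ws-014", 4312, "wscript.exe", "net", "generativelanguage.googleapis.com"),
    ("2025-11-17T09:00:41", "ws-014", 4312, "wscript.exe", "file_write",
     r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs"),
    ("2025-11-17T09:02:00", "ws-020", 981, "chrome.exe", "net", "generativelanguage.googleapis.com"),
    ("2025-11-17T09:03:10", "ws-031", 7720, "powershell.exe", "net", "api-inference.huggingface.co"),
    ("2025-11-17T11:30:00", "ws-031", 7720, "powershell.exe", "file_write",
     r"C:\Users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.ps1"),
]

def detect(events):
    """Return one alert per (host, pid): 'medium' when a script host contacts an
    LLM API, raised to 'high' if it then writes to a Startup folder within WINDOW."""
    last_llm_call = {}  # (host, pid) -> time of most recent LLM API connection
    alerts = {}         # (host, pid) -> alert record
    for ts, host, pid, image, kind, target in sorted(events):  # ISO timestamps sort in time order
        if image.lower() not in SCRIPT_HOSTS:
            continue  # browsers and other expected clients are out of scope here
        when, key = datetime.fromisoformat(ts), (host, pid)
        if kind == "net" and target.lower() in LLM_API_HOSTS:
            last_llm_call[key] = when
            alerts.setdefault(key, {"host": host, "pid": pid, "image": image,
                                    "severity": "medium",
                                    "reason": f"script host contacted {target}"})
        elif kind == "file_write" and STARTUP_MARKER in target.lower():
            seen = last_llm_call.get(key)
            if seen is not None and when - seen <= WINDOW:
                alerts[key].update(severity="high",
                                   reason=f"LLM API call followed by Startup write: {target}")
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

In production the same correlation would run over EDR or Sysmon process, network and file events, keyed on a process identifier that survives PID reuse.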




