Executive Summary
In November 2025, Google’s threat intelligence team identified a novel malware campaign involving PROMPTFLUX, a Visual Basic Script (VBScript) threat that leverages the Gemini AI model API for rapid self-obfuscation and evasion. Unattributed attackers deployed PROMPTFLUX to rewrite its own source code hourly using AI-driven prompts, significantly complicating detection and dismantling efforts. The malware infiltrated enterprise endpoints using social engineering and malicious email attachments before laterally propagating within corporate environments, thus undermining traditional endpoint and network defense measures. As a result, organizations faced heightened risk of data exfiltration, operational disruption, and increased response complexity.
This incident highlights an emerging class of threats that weaponize generative AI models for polymorphic malware development. The ability to dynamically morph malicious code in real time increases attacker agility and strains legacy detection and compliance controls, reflecting a wider shift toward autonomous, AI-powered cyberattacks.
Why This Matters Now
PROMPTFLUX demonstrates the urgent risk posed by malware that integrates AI APIs to evade security controls and amplify attack speed. As generative AI capabilities expand, security teams must prioritize adaptive controls, anomaly detection, and enhanced east-west security to counteract rapidly evolving threats that leverage autonomous code mutation.
Attack Path Analysis
The attack began with the delivery and execution of the PROMPTFLUX VBScript malware, leveraging Gemini AI APIs to continually obfuscate its own code for enhanced evasion. The malware likely sought local or cloud-based privilege escalation to further its access. Using automated obfuscation and dynamic code rewriting, the adversary positioned itself for lateral movement across internal cloud workloads. The threat established command and control using encrypted outbound connections and regularly altered communication patterns to avoid detection. Data could be staged and exfiltrated through covert or allowed outbound channels. Ultimately, the malware's impact included persistent compromise, potential data theft, and evasion of many conventional security controls.
Kill Chain Progression
Initial Compromise
Description
The attacker delivered the PROMPTFLUX malware, a VBScript-based loader, to cloud workloads, exploiting weak endpoint controls or user behavior to achieve initial infection.
MITRE ATT&CK® Techniques
Command and Scripting Interpreter: Visual Basic
Obfuscated Files or Information
Hide Artifacts: Hidden Files and Directories
Indicator Removal: File Deletion
Native API
Event Triggered Execution: Windows Management Instrumentation Event Subscription
User Execution: Malicious File
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Detection of Malware and Antivirus Protections
Control ID: 10.2.5
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 10, Paragraph 1
CISA ZTMM 2.0 – Continuous Monitoring and Threat Detection
Control ID: Domain 3 - Threat Detection & Response
NIS2 Directive – Incident Response Capabilities
Control ID: Article 21(2)(d)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
PROMPTFLUX malware exploiting AI APIs threatens development environments through VBScript obfuscation, requiring enhanced egress security and anomaly detection for software repositories.
Financial Services
AI-powered malware poses significant risks to financial institutions through advanced evasion techniques, necessitating strengthened zero trust segmentation and threat detection capabilities.
Information Technology/IT
Dynamic code generation via Gemini AI creates unprecedented challenges for IT security teams, demanding enhanced multicloud visibility and inline intrusion prevention systems.
Government Administration
Government systems face elevated threats from self-modifying malware leveraging commercial AI, requiring immediate implementation of encrypted traffic monitoring and policy enforcement.
Sources
- Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly: https://thehackernews.com/2025/11/google-uncovers-promptflux-malware-that.html
- GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools: https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools
- Here's how spies and crooks abuse Gemini AI: https://www.theregister.com/2025/11/05/attackers_experiment_with_gemini_ai/
- Google issues security warning for millions - AI-powered malware is here: https://www.tomsguide.com/computing/malware-adware/google-warns-of-ai-infused-malware-thats-harder-to-detect-than-normal-viruses
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Zero Trust network segmentation, east-west workload isolation, encrypted traffic controls, egress enforcement, threat detection, and distributed inline policy would have restricted PROMPTFLUX's ability to move, communicate, and exfiltrate data in the cloud. CNSF capabilities would contain lateral movement, block unauthorized command and control, detect anomalies, and enforce least-privilege cloud access for rapid incident response.
Control: Cloud Firewall (ACF)
Mitigation: Initial inbound connections and malware downloads could be prevented.
Control: Zero Trust Segmentation
Mitigation: Prevents escalation paths across segments and limits resource access.
Control: East-West Traffic Security
Mitigation: Restricts unauthorized lateral movement between workloads.
Control: Egress Security & Policy Enforcement
Mitigation: Prevents unapproved outbound and dynamic C2 connections.
Control: Encrypted Traffic (HPE)
Mitigation: Detects, inspects, and blocks hidden or encrypted exfiltration flows.
Detects polymorphic malware behavior and triggers rapid incident response.
Impact at a Glance
Affected Business Functions
- IT Security
- Network Operations
Estimated downtime: N/A
Estimated loss: N/A
No data exposure reported; malware is in experimental phase with no confirmed compromises.
Recommended Actions
Key Takeaways & Next Steps
- Enforce zero trust segmentation to tightly isolate workloads and prevent unsanctioned east-west movement.
- Deploy egress filtering and application-level policy to stop dynamic malware communications and outbound data exfiltration.
- Enable inline traffic inspection and encrypted flow monitoring to detect and block hidden C2 or exfiltration attempts.
- Integrate automated anomaly detection to rapidly identify and quarantine workloads showing self-modifying or evasive behavior.
- Centralize multicloud visibility and distributed policy enforcement to streamline incident response and reduce attacker dwell time.
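As an added example (not part of the original brief or of Google's report), the anomaly-detection step can be sketched as two behavioural signals the brief describes: a VBScript host reaching the Gemini API, and a script file whose content hash keeps changing. The event schema, sample telemetry, file paths and hostname list are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: Windows script hosts that execute VBScript.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption: public Gemini API hostname; extend to match your egress policy.
LLM_API_HOSTS = {"generativelanguage.googleapis.com"}

# Constructed sample telemetry (hypothetical schema, placeholder hashes).
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "net", "process": "WScript.exe", "dest": "generativelanguage.googleapis.com"},
    {"host": "ws-01", "type": "file", "path": r"C:\Users\alice\AppData\Local\Temp\upd.vbs", "sha256": "hash-A"},
    {"host": "ws-01", "type": "file", "path": r"C:\Users\alice\AppData\Local\Temp\upd.vbs", "sha256": "hash-B"},
    {"host": "ws-01", "type": "file", "path": r"C:\Users\alice\AppData\Local\Temp\upd.vbs", "sha256": "hash-C"},
    {"host": "ws-02", "type": "net", "process": "chrome.exe", "dest": "generativelanguage.googleapis.com"},
    {"host": "ws-03", "type": "net", "process": "cscript.exe", "dest": "intranet.example.internal"},
    {"host": "ws-03", "type": "file", "path": r"C:\Scripts\logon.vbs", "sha256": "hash-D"},
    {"host": "ws-03", "type": "file", "path": r"C:\Scripts\logon.vbs", "sha256": "hash-D"},
]

def script_hosts_calling_llm(events):
    """Return sorted (host, process, dest) where a script host reached an LLM API."""
    hits = set()
    for e in events:
        if e["type"] != "net":
            continue
        proc, dest = e["process"].lower(), e["dest"].lower()
        if proc in SCRIPT_HOSTS and dest in LLM_API_HOSTS:
            hits.add((e["host"], proc, dest))
    return sorted(hits)

def mutating_scripts(events, min_versions=2):
    """Return {(host, path): distinct_hash_count} for scripts rewritten in place."""
    seen = defaultdict(set)
    for e in events:
        if e["type"] == "file" and e["path"].lower().endswith((".vbs", ".vbe")):
            seen[(e["host"], e["path"].lower())].add(e["sha256"])
    return {k: len(v) for k, v in seen.items() if len(v) >= min_versions}

def triage(events):
    """Hosts showing both signals are the highest-priority quarantine candidates."""
    llm_hosts = {h for h, _, _ in script_hosts_calling_llm(events)}
    mut_hosts = {h for h, _ in mutating_scripts(events)}
    return sorted(llm_hosts & mut_hosts)

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The browser on ws-02 reaching the same API and the unchanged logon script on ws-03 are not flagged, which is why the check keys on the process name and on hash churn rather than on the destination alone.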



