PromptFlux
PROMPTFLUX is an experimental, AI-enabled VBScript dropper that calls the Google Gemini API (reporting names the gemini-1.5-flash-latest model) to rewrite or obfuscate its own source code during execution or between runs, in an attempt to evade static, signature-based detection. Multiple sources describe it as an early documented example of malware that uses a large language model as an active runtime component rather than only as a development aid; Google characterizes the technique as "just-in-time" self-modification.

The malware is reported to make live Gemini API calls with a hardcoded API key and to generate modified VBScript variants on a recurring basis, including hourly rewriting in some reporting. Regenerated script versions are written back to disk. Persistence has been associated with Windows Startup folder locations, and some early variants attempted limited propagation through removable media and network shares.

Detection-focused reporting points to three observables: outbound Gemini API traffic from non-standard processes (for a VBScript dropper, the Windows script hosts wscript.exe and cscript.exe), script artifacts in temporary directories, and file drops in Startup folders.

Google Threat Intelligence Group identified PROMPTFLUX through VirusTotal uploads and observed repeatedly updated versions, indicating active development and testing against detection. Sources consistently describe it as experimental or proof-of-concept malware; one attributes it to an unknown threat actor, while another reports that Google assessed it to be under development by financially motivated actors. It is grouped with other AI-enabled malware families such as HONESTCUE, PROMPTSTEAL, QUIETVAULT, and PROMPTLOCK in reporting on emerging AI-assisted evasive malware.
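The detection observables above (script-host traffic to the Gemini API, script artifacts in temporary directories, Startup-folder drops, copies to removable media or shares) expressed as hunting logic over constructed Sysmon-style events. This is an added example, not code from the original page, from Google, or from Mallory. It assumes telemetry already reduced to dicts with the fields shown; the event schema, the sample file names, the drive-root/UNC heuristic for removable media and mapped shares, and the two-rule "high" threshold are assumptions of the example. The Gemini API hostname is the service's public endpoint, not an indicator taken from the reporting.

```python
"""Hunting logic for PROMPTFLUX-style behaviour in endpoint telemetry (added example)."""
import ntpath
import re
from collections import defaultdict

# Public Gemini API host (a fact about the Gemini API, not an IOC from the
# PROMPTFLUX reporting, which names only the gemini-1.5-flash-latest model).
GEMINI_HOST = "generativelanguage.googleapis.com"

# Windows script hosts: a VBScript dropper executes inside one of these, so
# these are the "non-standard processes" for Gemini traffic.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXT = (".vbs", ".vbe", ".wsf", ".js", ".hta")

# Per-user and all-users Startup folders share this path suffix.
STARTUP_RE = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)
# %TEMP%/%TMP%-style locations (...\AppData\Local\Temp, C:\Windows\Temp).
TEMP_RE = re.compile(r"\\Temp\\[^\\]+$", re.I)
# Heuristic (assumption): a file written to the root of a non-system drive
# letter or to the root of a UNC share is how a copy to removable media or a
# mapped share tends to appear; Sysmon does not label a volume as removable.
DRIVE_OR_SHARE_ROOT_RE = re.compile(
    r"^(?:[D-Z]:|\\\\[^\\]+\\[^\\]+)\\[^\\]+$", re.I)


def is_script_host(image):
    return ntpath.basename(image).lower() in SCRIPT_HOSTS


def is_script(path):
    return path.lower().endswith(SCRIPT_EXT)


def hunt(events):
    """Return (pid, rule, detail) tuples for PROMPTFLUX-like behaviour.

    Assumed event schema (Sysmon-style records reduced to dicts):
      network:     event, pid, image, dest_host, dest_port
      file_create: event, pid, image, target
    """
    findings = []
    for ev in events:
        pid, image = ev["pid"], ev["image"]
        if ev["event"] == "network":
            host = ev["dest_host"].lower()
            if is_script_host(image) and host == GEMINI_HOST:
                findings.append((pid, "script_host_to_gemini_api",
                                 f"{ntpath.basename(image)} -> {host}:{ev['dest_port']}"))
        elif ev["event"] == "file_create":
            target = ev["target"]
            if not is_script(target):
                continue  # only script files matter for these rules
            if STARTUP_RE.search(target):
                findings.append((pid, "startup_folder_script_drop", target))
            if is_script_host(image) and TEMP_RE.search(target):
                findings.append((pid, "script_host_writes_script_to_temp", target))
            if is_script_host(image) and DRIVE_OR_SHARE_ROOT_RE.match(target):
                findings.append((pid, "script_copied_to_drive_or_share_root", target))
    return findings


def triage(findings):
    """Group findings by pid; two or more distinct rules on one process is 'high'."""
    rules_by_pid = defaultdict(set)
    for pid, rule, _ in findings:
        rules_by_pid[pid].add(rule)
    return {pid: ("high" if len(r) >= 2 else "low") for pid, r in rules_by_pid.items()}


# Constructed sample telemetry (not real IOCs; file names are invented).
WSCRIPT = r"C:\Windows\System32\wscript.exe"
SAMPLE_EVENTS = [
    {"event": "network", "pid": 4120, "image": WSCRIPT,
     "dest_host": GEMINI_HOST, "dest_port": 443},
    {"event": "file_create", "pid": 4120, "image": WSCRIPT,
     "target": r"C:\Users\alice\AppData\Local\Temp\sample.vbs"},
    {"event": "file_create", "pid": 4120, "image": WSCRIPT,
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.vbs"},
    {"event": "file_create", "pid": 4120, "image": WSCRIPT,
     "target": r"E:\sample.vbs"},
    {"event": "file_create", "pid": 4120, "image": WSCRIPT,
     "target": r"\\fileserver\share\sample.vbs"},
    # Benign noise: a browser talking to the same API, and explorer writing a
    # shortcut (not a script) into the Startup folder.
    {"event": "network", "pid": 880,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": GEMINI_HOST, "dest_port": 443},
    {"event": "file_create", "pid": 1200, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\app.lnk"},
]

if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for pid, rule, detail in found:
        print(f"pid={pid} {rule}: {detail}")
    print(triage(found))
```

Each rule on its own is noisy (developers run scripts from Temp; administrators drop scripts into Startup), which is why `triage` only escalates a process that trips two or more distinct rules. A script host reaching the Gemini API is the one observable that is rarely legitimate on its own and deserves review even as a single hit.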
Techniques & procedures
19 distinct techniques documented for this family, organized by ATT&CK tactic.
Resource Development (1 technique)
threat actors are using large language models to write polymorphic loaders... Public reporting now names specific actor clusters in the wild... APT27... used Gemini to accelerate development of fleet management tooling... APT45... sending thousands of repetitive prompts that recursively analyze CVEs and validate proof-of-concept exploits
Initial Access (1 technique)
Execution (2 techniques)
The script follows established Konni tradecraft in terms of delivery and execution... APT36... Core logic... is repeatedly re-implemented in different runtimes, including Nim, Zig, Crystal, Go, and .NET.
Persistence (1 technique)
Privilege Escalation (2 techniques)
Its activity may include unusual outbound traffic, process injections, and script execution outside normal workflows.
Stealth (7 techniques)
PROMPTFLUX connects to Google gemini-1.5-flash-latest to rewrite its own VBScript source code between runs, making it harder to detect.
...two newly disclosed malware families that leverage AI for evasive techniques such as polymorphism...
PROMPTFLUX makes live calls to the Gemini API to dynamically modify itself, HONESTCUE queries Gemini at runtime to request specific VBScript obfuscation routines just-in-time so the bytes on disk at minute zero differ from the bytes at minute thirty.
Promptflux : A self-morphing dropper that calls the Gemini API to periodically rewrite its own source code, bypassing static signature-based detection.
"...PROMPTFLUX... a so-called 'dropper' that hides its malicious activity behind a fake installer program." / "The malware disguises itself as an image-generation program..."
Discovery (2 techniques)
Persistence is achieved by storing regenerated copies in startup locations, while early variants also attempted limited propagation via removable media and network shares.
Lateral Movement (2 techniques)
Persistence is achieved by storing regenerated copies in startup locations, while early variants also attempted limited propagation via removable media and network shares.
"attempts to propagate by copying itself to ... mapped network shares"
Command and Control (4 techniques)
PromptFlux is a POC malware sample that abuses Gemini-like services for command-and-control operations. | The malware exploits Gemini API access to receive instructions or exfiltrate data, often using hard-coded keys or unauthorized requests.
Promptflux : A self-morphing dropper that calls the Gemini API to periodically rewrite its own source code
"attempts to propagate by copying itself to removable drives"
The malware also stages payloads, configuration files, or encrypted prompts in temporary directories such as TMP
Exfiltration (1 technique)
The malware exploits Gemini API access to receive instructions or exfiltrate data
IOCs tracked for this family
3 indicators attributed across vendor reports, sandbox runs, and researcher write-ups.
File hashes (MD5, SHA-1, SHA-256) from samples and reports.
Recent activity
38 sources tracked across advisories, community write-ups, and news.
AI-enabled dropper that uses Google Gemini via a hardcoded API key to rewrite its own VBScript source between runs, enabling polymorphism and evasion.
A loader that dynamically modifies itself at runtime via Gemini API calls to enable rapid polymorphism and evasion.
A malware family described as dynamically modifying itself at runtime via live Gemini API calls, enabling rapid polymorphism and evasion.
Self-morphing dropper that uses the Gemini API to periodically rewrite its own source code to evade static signature-based detection.