Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Google Warns Criminals Are Building and Selling Illicit AI Tools - and the Market Is Growing

Google's Threat Intelligence Group found AI-powered malware using large language models to dynamically alter code, aiding sophisticated evasion in real-world attacks in 2025.

  • On Wednesday, Google's Threat Intelligence Group warned that malware can connect to large language models to refine attacks in real time, describing a 'just-in-time' self-modification technique.
  • Researchers found growing demand in underground marketplaces as developers aggressively promote AI features with API and Discord access, accelerating availability of malicious services on English and Russian-speaking underground marketplaces.
  • PromptFlux periodically queried Gemini via a 'Thinking Robot' module to create obfuscated VBScript, QuietVault used AI CLI prompts to find secrets, and PromptSteal queried Qwen in Ukraine.
  • Google disabled accounts and assets, reinforced Gemini safeguards, and faced skepticism from Marcus Hutchins, who said, `It doesn't specify what the code block should do, or how it's going to evade an antivirus.`
  • These cases suggest a broader shift in how adversaries use LLMs, with Masan, Iranian groups, and Anthropic's Claude AI chatbot involved in cross-company threats.
Insights by Ground AI

15 Articles

Utility DiveUtility Dive
Lean Left

AI-based malware makes attacks stealthier and more adaptive

Google says it has discovered at least five malware families that use AI to reinvent themselves and hide from defenders.

Read Full Article
Tech RadarTech Radar
Center

Google warns criminals are building and selling illicit AI tools - and the market is growing

AI tools are being specially built for cyber crime, new Google research warns.

·United Kingdom
Read Full Article
PC MagPC Mag
Lean Left

Google Finds Malware Connecting to AI Large Language Models to Hone Attacks

The company is warning about newly discovered malware, including 'Promptflux' and 'Promptsteal,' that use generative AI. But one prominent researcher is questioning the findings.

·United States
Read Full Article
BleepingComputerBleepingComputer
Reposted by
BizTocBizToc
Center

Google warns of new AI-powered malware families deployed in the wild

Google's Threat Intelligence Group (GTIG) has identified a major shift this year, with adversaries leveraging artificial intelligence to deploy new malware families that integrate large language models (LLMs) during execution. [...]

Read Full Article
decrypt.codecrypt.co

Google Threat Report Links AI-powered Malware to DPRK Crypto Theft

New research from Google’s threat unit shows hackers are using LLMs to mutate malware and study how to steal from crypto wallets.

·New York, United States
Read Full Article
pcgamerpcgamer

Great, now even malware is using LLMs to rewrite its code, says Google, as it documents new phase of 'AI abuse'

I'm sorry Dave, I'm afraid I can't do that.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 50% of the sources lean Left, 50% of the sources are Center
50% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Wednesday, November 5, 2025.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Google icon

Google

Energy icon

Energy

Technology icon

Technology

Cybercrimes icon

Cybercrimes

Cyber Security icon

Cyber Security

Large Language Models (LLMs) icon

Large Language Models (LLMs)

Cryptocurrency icon

Cryptocurrency

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal