Google has discovered that North Korean hackers are using artificial intelligence (AI) to support cryptocurrency theft.
In a recent report, the company's Threat Intelligence Group (GTIG) explained that several malware programs rely on large language models (LLMs) to write or change code while running.
GTIG said it has observed at least five types of AI-powered malware active in current attacks.
Unlike traditional malware, which contains fixed instructions, these new programs can use models like Gemini or Qwen2.5-Coder to create or hide harmful code when needed. This technique, called “just-in-time code creation”, lets the malware modify itself and avoid detection systems.
Two examples from the report, PROMPTFLUX and PROMPTSTEAL, show how attackers are combining AI with hacking operations.
PROMPTFLUX contacts the Gemini API every hour to rewrite parts of its VBScript code, while PROMPTSTEAL, linked to Russia's APT28 group, uses the Qwen model on Hugging Face to generate Windows commands during attacks.
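One way a defender could hunt for the behaviour described above, where a script interpreter calls an LLM API on a roughly hourly schedule, using proxy or EDR network logs. This is an added example, not code from Google's report; the log layout, the watched hostnames and process names, and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumed watch lists, chosen for this example; tune them to your environment.
LLM_API_HOSTS = {"generativelanguage.googleapis.com",  # Gemini API
                 "api-inference.huggingface.co", "huggingface.co"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe"}

# Constructed sample: timestamp, workstation, process, destination host.
SAMPLE_LOG = """\
2025-01-10T08:00:05 WS-014 wscript.exe generativelanguage.googleapis.com
2025-01-10T08:14:40 WS-022 chrome.exe generativelanguage.googleapis.com
2025-01-10T09:00:11 WS-014 wscript.exe generativelanguage.googleapis.com
2025-01-10T10:00:02 WS-014 wscript.exe generativelanguage.googleapis.com
2025-01-10T10:31:17 WS-022 chrome.exe huggingface.co
2025-01-10T11:00:09 WS-014 wscript.exe generativelanguage.googleapis.com
2025-01-10T14:02:10 WS-031 powershell.exe api-inference.huggingface.co
2025-01-10T14:02:45 WS-031 powershell.exe api-inference.huggingface.co
"""

def parse(log):
    """Yield (time, workstation, process, destination); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, host, proc, dest = parts
            yield datetime.fromisoformat(ts), host, proc.lower(), dest.lower()

def find_llm_beacons(log, min_hits=3, period_s=3600, tolerance_s=300):
    """Return (workstation, process, destination, hits, periodic) tuples for
    script interpreters that contacted an LLM API host. 'periodic' is True
    when the median gap between calls is within tolerance of period_s."""
    hits = defaultdict(list)
    for ts, host, proc, dest in parse(log):
        if proc in SCRIPT_HOSTS and dest in LLM_API_HOSTS:
            hits[(host, proc, dest)].append(ts)
    findings = []
    for key, times in sorted(hits.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        periodic = (len(times) >= min_hits
                    and abs(median(gaps) - period_s) <= tolerance_s)
        findings.append((*key, len(times), periodic))
    return findings

if __name__ == "__main__":
    for finding in find_llm_beacons(SAMPLE_LOG):
        print(finding)
```

Browser traffic to the same hosts is ignored on purpose; a non-periodic hit from a script interpreter is still reported so an analyst can review it.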
The report also highlights a North Korean group known as UNC1069, or Masan. According to Google, this group is known for stealing cryptocurrency through social engineering.
Investigators found that UNC1069 used Gemini to look up wallet data, write scripts that access encrypted files, and create phishing emails in multiple languages aimed at crypto exchange employees.
Recently, GTIG identified a new tactic used by North Korean hackers, known as “EtherHiding”.







