Google has found that North Korean hackers are using artificial intelligence (AI) to support cryptocurrency theft.
In a recent report, the company’s Threat Intelligence Group (GTIG) explained that several malware programs rely on large language models (LLMs) to write or change code while running.
GTIG said it has observed at least five types of AI-powered malware active in current attacks.

Unlike traditional malware, which contains fixed instructions, these new programs can use models like Gemini or Qwen2.5-Coder to create or hide harmful code when needed. This approach, called “just-in-time code creation”, lets the malware adjust itself and avoid detection systems.
Two examples from the report, PROMPTFLUX and PROMPTSTEAL, show how attackers are combining AI with hacking operations.
PROMPTFLUX contacts the Gemini API every hour to rewrite parts of its VBScript code, while PROMPTSTEAL, linked to Russia’s APT28 group, uses the Qwen model on Hugging Face to generate Windows commands during attacks.
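A defender can hunt for the behaviour described above by looking for Windows script hosts that call LLM API endpoints on a fixed schedule. The following is an added example, not code from Google's report: the API hostnames, the process names and the four-column proxy log format are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumed values, not taken from the GTIG report: public API hostnames for
# Gemini and Hugging Face inference, and the Windows script hosts that run VBScript.
LLM_API_HOSTS = {"generativelanguage.googleapis.com", "api-inference.huggingface.co"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed sample proxy log: timestamp, endpoint, process image, destination host.
SAMPLE_LOG = """\
2025-01-10T08:00:04Z ws-014 wscript.exe generativelanguage.googleapis.com
2025-01-10T08:12:31Z ws-022 chrome.exe generativelanguage.googleapis.com
2025-01-10T09:00:09Z ws-014 wscript.exe generativelanguage.googleapis.com
2025-01-10T09:40:00Z ws-031 cscript.exe updates.example.internal
2025-01-10T10:00:02Z ws-014 wscript.exe generativelanguage.googleapis.com
2025-01-10T10:05:47Z ws-007 cscript.exe api-inference.huggingface.co
2025-01-10T11:00:11Z ws-014 wscript.exe generativelanguage.googleapis.com
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than fail the hunt
        ts, endpoint, image, dest = parts
        yield datetime.fromisoformat(ts.replace("Z", "+00:00")), endpoint, image.lower(), dest.lower()

def hunt(log, period_s=3600, tolerance_s=120):
    """Return findings for script hosts talking to LLM APIs, marking periodic beacons."""
    seen = defaultdict(list)
    for ts, endpoint, image, dest in parse(log):
        if image in SCRIPT_HOSTS and dest in LLM_API_HOSTS:
            seen[(endpoint, image, dest)].append(ts)
    findings = []
    for (endpoint, image, dest), times in sorted(seen.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Periodic only with at least two gaps, all close to the expected period.
        periodic = len(gaps) >= 2 and all(abs(g - period_s) <= tolerance_s for g in gaps)
        findings.append({"endpoint": endpoint, "image": image, "dest": dest,
                         "hits": len(times), "periodic": periodic,
                         "median_gap_s": median(gaps) if gaps else None})
    return findings

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f)
```

A single script-host request to an LLM API is still worth triage, since browsers and approved developer tools are the expected clients; the `periodic` flag separates a scheduled caller from a one-off.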
The report also highlights a North Korean group known as UNC1069, or Masan. According to Google, this group is known for stealing cryptocurrency through social engineering.
Investigators found that UNC1069 used Gemini to look up wallet data, write scripts that reach encrypted files, and create phishing emails in several languages aimed at crypto exchange employees.
Recently, GTIG identified a new tactic used by North Korean hackers, known as “EtherHiding”.

















