Cybersecurity researchers at Google Threat Intelligence Group (GTIG) have identified a significant shift in how threat actors are leveraging artificial intelligence in their operations. The discovery of experimental malware called PROMPTFLUX marks a watershed moment in cyber threats, demonstrating that attackers are no longer using AI merely to boost productivity; they are now deploying AI-enabled […]
A sophisticated Android-based NFC relay attack dubbed NGate has emerged as a serious threat to banking security across Poland, targeting financial institutions and their customers through coordinated social engineering and technical exploitation.
Cert.PL analysts identified new malware samples in recent months that orchestrate unauthorized ATM cash withdrawals without requiring physical theft of payment cards.
Rather than stealing cards directly, threat actors employ a relay mechanism that captures NFC communication from victims’ Android phones and forwards it to attacker-controlled devices positioned at ATMs.
The attack chain combines multiple deception tactics to succeed. Victims initially receive phishing messages via email or SMS claiming technical problems or security incidents, directing them to install a fake banking application.
Following installation, scammers impersonate bank employees through phone calls requesting identity verification, further legitimizing the fraudulent application.
The victim is then prompted to tap their physical payment card against the phone for verification purposes while entering their PIN through an on-screen keypad.
Cert.PL analysts noted the sophisticated technical architecture underlying NGate’s operations.
Once the victim taps their card, the malware captures all NFC exchanges, which are identical to legitimate terminal communications, and transmits them to the attacker’s C2 server at 91.84.97.13:5653.
Payment verification (Source – Cert.PL)
The attacker’s device then replays this data to the ATM, and with both the card information and PIN already compromised, they execute unauthorized cash withdrawals.
Infection mechanism
The infection mechanism reveals advanced evasion techniques. The application registers itself as a Host Card Emulation (HCE) payment service on Android, enabling it to function as a virtual card.
Configuration data containing the C2 server address remains hidden in an encrypted asset bundled within the application.
This encryption employs the SHA-256 hash of the APK signing certificate as an XOR key, derived through JNI function calls that retrieve certificate data from the Android PackageManager.
Technical analysis shows the app establishes cleartext TCP connections using a framed protocol structure containing length markers and opcodes.
The malware captures card data including PAN, expiration dates, AIDs, and APDUs before immediately exfiltrating PIN information through dedicated protocol messages.
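For analysts triaging a sample, the certificate-derived XOR key described above means the configuration can be recovered statically, but only with the certificate from the untouched APK. The following is an added example, not code from Cert.PL or from the malware; the cyclic key reuse, the JSON config layout, the certificate bytes and the address are assumptions constructed for illustration.

```python
import hashlib
import json
from itertools import cycle

def cert_xor_key(cert_der: bytes) -> bytes:
    """SHA-256 digest of the DER-encoded signing certificate (the XOR key)."""
    return hashlib.sha256(cert_der).digest()

def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR is symmetric, so the same routine encodes and decodes."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_config(asset: bytes, cert_der: bytes):
    """Return the decoded config dict, or None when the key does not fit."""
    plain = xor_with_key(asset, cert_xor_key(cert_der))
    try:
        config = json.loads(plain.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return None
    return config if isinstance(config, dict) else None

# Constructed sample data: placeholder certificate bytes and a made-up JSON
# config (assumed layout) that uses a documentation-range address.
ORIGINAL_CERT = b"constructed-der-bytes-of-original-signing-certificate"
RESIGNED_CERT = b"constructed-der-bytes-of-analyst-resigning-certificate"
SAMPLE_CONFIG = {"host": "192.0.2.10", "port": 5653}
SAMPLE_ASSET = xor_with_key(json.dumps(SAMPLE_CONFIG).encode("utf-8"),
                            cert_xor_key(ORIGINAL_CERT))

if __name__ == "__main__":
    # Certificate taken from the untouched sample: the config is recovered.
    print(recover_config(SAMPLE_ASSET, ORIGINAL_CERT))
    # Certificate from a repackaged, re-signed copy: the key no longer matches.
    print(recover_config(SAMPLE_ASSET, RESIGNED_CERT))
```

Because the key depends on the signing certificate, a copy that has been repackaged and re-signed for instrumentation will fail to decrypt its own asset, so extract the certificate from the original file.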
Users can protect themselves by downloading banking applications exclusively from official stores and verifying unexpected bank calls through direct contact with their financial institution.
The Cybersecurity and Infrastructure Security Agency has issued a critical warning regarding a newly identified vulnerability affecting Gladinet CentreStack and Triofox platforms.
The flaw, tracked as CVE-2025-11371, exposes sensitive system files and directories to unauthorized external access, potentially compromising organizations relying on these file-sharing solutions for business operations.
Files and directories exposed to external parties allow attackers to discover and retrieve confidential system information without proper authentication.
The vulnerability stems from improper access controls within the affected applications, classified under CWE-552, which specifically addresses issues where sensitive resources remain accessible to unintended actors.
Security researchers have confirmed active exploitation attempts targeting vulnerable deployments, prompting immediate federal agency intervention.
Understanding the Exposure and Risk
The vulnerability CVE-2025-11371 creates a significant exposure window for attackers attempting to gather reconnaissance data or launch follow-up attacks.
By accessing exposed directories, threat actors can identify system configurations, user information, and potentially hardcoded credentials, information commonly leveraged in multi-stage attack chains.
While the vulnerability has not yet been publicly linked to ransomware campaigns, cybersecurity experts warn that the accessible information could enable devastating ransomware deployments.
CVE ID: CVE-2025-11371
Vulnerability Type: Files or Directories Accessible to External Parties
Affected Products: Gladinet CentreStack, Triofox
CISA has assigned this vulnerability a remediation deadline of November 25, 2025, providing organizations approximately three weeks to implement protective measures.
The agency recommends three primary mitigation strategies depending on organizational capability and risk tolerance. First, organizations should immediately apply all vendor-supplied patches and security updates.
Second, federal agencies managing cloud services should implement controls aligned with Binding Operational Directive 22-01, which mandates specific security baselines for government cloud infrastructure.
Third, organizations unable to patch or implement equivalent protections are advised to discontinue using the product entirely.
Organizations currently deploying Gladinet CentreStack or Triofox should prioritize verification of their current software versions and check vendor advisories for available patches.
Network administrators should review access logs to identify any suspicious file access attempts or unusual data queries.
Implementing network segmentation, restricting external access to administrative interfaces, and deploying enhanced monitoring solutions can provide interim protection while patches are applied.
The vulnerability underscores ongoing challenges with cloud-based file-sharing platforms and the critical importance of maintaining updated security postures.
Hyundai AutoEver America, LLC has formally confirmed a significant data breach that compromised sensitive customer information. The automotive software provider disclosed the incident through official breach notification letters sent to affected individuals, revealing that attackers gained unauthorized access to names, Social Security numbers, and driver’s license information during a coordinated cyber attack. The unauthorized activity […]
Google has released an emergency security update for Chrome across all platforms, rolling out version 142.0.7444.134 and 142.0.7444.135 to address five critical and medium-severity vulnerabilities. The update addresses urgent security concerns identified in the browser’s WebGPU implementation and other core components that could expose users to remote code execution attacks. The emergency release came on […]
Google Threat Intelligence Group (GTIG) has unveiled details of an experimental malware family called PROMPTFLUX, which leverages the company’s Gemini AI API to dynamically rewrite its own code, marking a chilling evolution in AI-assisted cyber threats.
This development, detailed in GTIG’s latest AI Threat Tracker report released on November 4, 2025, highlights how adversaries are shifting from mere productivity tools to embedding large language models (LLMs) directly into malware for real-time adaptation and evasion.
While still in testing phases and not yet capable of widespread compromise, PROMPTFLUX represents the first observed instance of “just-in-time” AI integration in malicious software, potentially paving the way for more autonomous attacks.
PROMPTFLUX operates as a VBScript-based dropper, initially masquerading as innocuous installers like “crypted_ScreenRec_webinstall” to trick users across various industries and regions.
Its core innovation lies in the “Thinking Robot” module, which uses a hard-coded Gemini API key to query the “gemini-1.5-flash-latest” model for obfuscated VBScript code designed to bypass antivirus detection.
PROMPTFLUX Malware Using Gemini API
The malware prompts the LLM to generate self-contained evasion scripts, outputting only the code without extraneous text, and logs responses in a temporary file for refinement.
In advanced variants, it rewrites its entire source code hourly, embedding the original payload, API key, and regeneration logic to create a recursive mutation cycle that ensures persistence via the Windows Startup folder.
GTIG notes that while features like the self-update function remain commented out, indicating early development, the malware also attempts lateral spread to removable drives and network shares.
This approach exploits AI’s generative power not just for creation, but for ongoing survival, differing from static malware that relies on fixed signatures easily detected by defenders.
The emergence of PROMPTFLUX aligns with a maturing cybercrime marketplace where AI tools flood underground forums, offering capabilities from deepfake generation to vulnerability exploitation at subscription prices.
GTIG’s analysis reveals state-sponsored actors from North Korea, Iran, and China, alongside financially motivated criminals, increasingly abusing Gemini across the attack lifecycle, from phishing lures to command-and-control setups.
For instance, related malware like PROMPTSTEAL, linked to Russia’s APT28, queries Hugging Face’s Qwen2.5 LLM to generate reconnaissance commands disguised as image tools.
Attackers are also employing social engineering in prompts, posing as CTF participants or students to circumvent AI safeguards and extract exploit code.
As these tools lower barriers for novice actors, GTIG warns of heightened risks, including adaptive ransomware like PROMPTLOCK that dynamically crafts Lua scripts for encryption.
In response, Google has swiftly disabled associated API keys and projects, while DeepMind enhances Gemini’s classifiers and model safeguards to block misuse prompts.
The company emphasizes its commitment to responsible AI via principles that prioritize robust guardrails, sharing insights through frameworks like the Secure AI Framework (SAIF) and tools for red-teaming vulnerabilities.
Innovations such as Big Sleep for vulnerability hunting and CodeMender for automated patching underscore efforts to counter AI threats proactively.
Though PROMPTFLUX poses no immediate compromise risk, GTIG predicts rapid proliferation, urging organizations to monitor API abuses and adopt behavioral detection over signatures.
As AI integrates deeper into operations, this report signals an urgent need for ecosystem-wide defenses to stay ahead of evolving adversaries.
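One way to express the behavioral detection recommended above, as an added example that is not from the GTIG report: it flags Windows Script Host processes that contact the Gemini API and raises the severity when the same process writes a script into the Startup folder. The event schema, host names, PIDs and paths are constructed for illustration.

```python
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}           # Windows Script Host
LLM_API_HOSTS = {"generativelanguage.googleapis.com"}   # Gemini API endpoint
STARTUP_DIR = "\\start menu\\programs\\startup\\"
SCRIPT_EXTS = (".vbs", ".vbe")

def image_name(path: str) -> str:
    """Lower-cased executable name from a full Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def detect(events):
    """Map (host, pid) -> severity for script hosts that call an LLM API."""
    state = {}
    for ev in events:
        if image_name(ev["image"]) not in SCRIPT_HOSTS:
            continue
        s = state.setdefault((ev["host"], ev["pid"]),
                             {"llm": False, "startup": False})
        if ev["type"] == "net" and ev["dest"].lower() in LLM_API_HOSTS:
            s["llm"] = True
        elif ev["type"] == "file_write":
            path = ev["path"].lower()
            if STARTUP_DIR in path and path.endswith(SCRIPT_EXTS):
                s["startup"] = True
    # An LLM API call from a script host is unusual on its own; a script
    # dropped into Startup by the same process raises the severity.
    return {key: ("high" if s["startup"] else "medium")
            for key, s in state.items() if s["llm"]}

# Constructed sample telemetry (assumed schema, not a real EDR export).
WSCRIPT = r"C:\Windows\System32\wscript.exe"
GEMINI = "generativelanguage.googleapis.com"
SAMPLE_EVENTS = [
    {"host": "ws01", "pid": 4120, "image": WSCRIPT, "type": "net", "dest": GEMINI},
    {"host": "ws01", "pid": 4120, "image": WSCRIPT, "type": "file_write",
     "path": r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.vbs"},
    {"host": "ws02", "pid": 812, "image": r"C:\Windows\System32\cscript.exe",
     "type": "net", "dest": GEMINI},
    {"host": "ws03", "pid": 977, "type": "net", "dest": GEMINI,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"host": "ws04", "pid": 55, "image": WSCRIPT, "type": "file_write",
     "path": r"C:\Temp\report.vbs"},
]

if __name__ == "__main__":
    for key, severity in detect(SAMPLE_EVENTS).items():
        print(key, severity)
```

The rule keys on process behavior rather than script content, so it is unaffected by how often the script body is regenerated.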
Cybersecurity researchers have discovered a resurgent Gootloader malware campaign employing sophisticated new evasion techniques that exploit ZIP archive manipulation to evade detection and analysis. Credit for uncovering this latest threat goes to security researcher RussianPanda and the team at Huntress, who identified the campaign actively targeting victims through compromised websites. Despite previous disruption efforts earlier this […]
Cybersecurity researchers at Tenable have uncovered a series of critical vulnerabilities in OpenAI’s ChatGPT that could allow malicious actors to steal private user data and launch attacks without any user interaction. The security flaws affect hundreds of millions of users who interact with large language models daily, raising significant concerns about the safety of AI. […]
SonicWall has formally implicated state-sponsored threat actors in the September security breach that led to the unauthorized exposure of firewall configuration backup files.
“The malicious activity – carried out by a state-sponsored threat actor – was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call,” the company said in a
A sophisticated espionage campaign targeting recruitment professionals has emerged, with the APT-C-60 threat group weaponizing VHDX files to compromise organizations.
The threat actors impersonate job seekers in spear-phishing emails sent to recruitment staff, exploiting trust relationships to deliver malicious payloads.
While earlier campaigns directed victims to download VHDX files from Google Drive, recent attacks have evolved to attach the malicious VHDX file directly to emails.
Once a victim opens the weaponized VHDX file and clicks the embedded LNK file, a malicious script executes via Git, a legitimate application, initiating a multi-stage infection process that deploys sophisticated data-stealing malware.
JPCERT analysts identified this campaign targeting East Asian regions, particularly Japan, between June and August 2025.
The threat group demonstrates advanced operational security by leveraging legitimate services like GitHub and statcounter to maintain command-and-control infrastructure.
The attacks showcase technical sophistication through multi-layered obfuscation techniques, including XOR encoding with the key “sgznqhtgnghvmzxponum” for initial payloads and AES-128-CBC encryption for secondary stage downloads.
The malware identifies compromised machines using volume serial numbers and computer names, enabling precise victim tracking.
The infection chain begins when the LNK file executes gcmd.exe, a legitimate Git component, which runs the script glog.txt stored within the VHDX file.
This script displays a fabricated resume as a decoy while simultaneously creating WebClassUser.dat (Downloader1) and registering it in the system registry at HKCU\Software\Classes\CLSID\{566296fe-e0e8-475f-ba9c-a31ad31620b1}\InProcServer32.
Persistence is established through COM hijacking, ensuring the malware executes automatically during system operations.
Downloader1 communicates with statcounter using specially crafted referrer headers in the format ONLINE=>[Number1],[Number2] >> [%userprofile%] / [VolumeSerialNumber + ComputerName].
The threat actors monitor these referrer values and upload corresponding files to GitHub repositories. Downloader1 retrieves files from URLs like https://raw.githubusercontent.com/carolab989/class2025/refs/heads/main/[VolumeSerialNumber+ComputerName].txt, which contain instructions for downloading Downloader2.
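The two-step exchange described above (a statcounter request carrying the crafted referrer, then a GitHub fetch of a file named after the same ID) can be hunted in proxy logs. This is an added example, not JPCERT's tooling; the tab-separated log layout, client addresses, statcounter subdomain and victim ID are constructed, and it assumes the ID string in the referrer matches the file name exactly.

```python
import re

# Referrer layout reported for Downloader1:
# ONLINE=>[Number1],[Number2] >> [%userprofile%] / [VolumeSerialNumber + ComputerName]
BEACON_RE = re.compile(r"^ONLINE=>(\d+),(\d+) >> (.+) / (\S+)$")

def is_statcounter(host: str) -> bool:
    """Match the domain and its subdomains, not look-alike suffixes."""
    return host == "statcounter.com" or host.endswith(".statcounter.com")

def hunt(log_lines):
    """Return (time, client, kind, victim_id) findings from proxy log lines."""
    seen_ids = {}   # client -> victim IDs seen in beacon referrers
    findings = []
    for line in log_lines:
        ts, client, host, path, referer = line.rstrip("\n").split("\t", 4)
        host = host.lower()
        if is_statcounter(host):
            m = BEACON_RE.match(referer)
            if m:
                seen_ids.setdefault(client, set()).add(m.group(4))
                findings.append((ts, client, "beacon", m.group(4)))
        elif host == "raw.githubusercontent.com":
            name = path.rsplit("/", 1)[-1]
            # Tasking file is named after the ID the same client beaconed.
            if name.endswith(".txt") and name[:-4] in seen_ids.get(client, ()):
                findings.append((ts, client, "tasking-fetch", name[:-4]))
    return findings

# Constructed sample log (tab-separated: time, client, host, path, referer).
SAMPLE_LOG = [
    "\t".join(fields) for fields in [
        ("09:00:01", "10.0.0.5", "c.statcounter.com", "/t.php",
         r"ONLINE=>1,2 >> C:\Users\hr01 / 1A2B3C4DHR-PC01"),
        ("09:00:07", "10.0.0.9", "c.statcounter.com", "/t.php",
         "https://intranet.example/home"),
        ("09:05:30", "10.0.0.9", "raw.githubusercontent.com",
         "/someorg/docs/main/README.txt", "-"),
        ("09:06:12", "10.0.0.5", "raw.githubusercontent.com",
         "/carolab989/class2025/refs/heads/main/1A2B3C4DHR-PC01.txt", "-"),
    ]
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

Correlating on the client and the extracted ID keeps ordinary statcounter traffic and unrelated GitHub downloads out of the results.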
Infection Mechanism and Payload Deployment
The infection mechanism employs a cascading deployment strategy with multiple encoded layers.
Downloader2 downloads and deploys SpyGlace malware, utilizing dynamic API resolution with an encoding scheme combining ADD and XOR operations.
Flow of malware infection (Source – JPCERT)
The current version applies XOR 0x05 after ADD 0x04, representing an evolution from earlier variants. Files retrieved by Downloader2 are XOR-decoded using the key “AadDDRTaSPtyAG57er#$ad!lDKTOPLTEL78pE” before execution through COM hijacking.
SpyGlace versions 3.1.12 through 3.1.14 have been observed implementing comprehensive data exfiltration capabilities through 17 distinct commands.
The malware communicates with command-and-control servers at IP address 185.181.230.71 using modified RC4 encryption combined with BASE64 encoding.
The modified RC4 implementation increases Key Scheduling Algorithm cycles and performs additional XOR operations.
SpyGlace employs a characteristic encoding scheme combining single-byte XOR with SUB instructions for string obfuscation and API resolution.
The download command retrieves encrypted files and decrypts them using AES-128-CBC with the hardcoded key B0747C82C23359D1342B47A669796989 and IV 21A44712685A8BA42985783B67883999, creating files at %temp%\wcts66889.tmp.
The automatic execution path the malware uses for persistence changed from %public%\AccountPictures\Default\ in version 3.1.13 to %appdata%\Microsoft\SystemCertificates\My\CPLs in version 3.1.14.
SpyGlace implements comprehensive surveillance capabilities, including remote shell access, file manipulation, process control, disk enumeration, and automated screenshot capture through the screenupload command, which calls the Clouds.db module at %LocalAppData%\Microsoft\Windows\Clouds\Clouds.db with the export function mssc1.