AI-Powered Malware: State-Backed Hackers Use LLMs for Evasion

Cyber Security News by CyberSum.net

Published on November 6, 2025 at 03:00 AM

2 sources

State-backed hackers are deploying malware that uses large language models (LLMs) to dynamically generate malicious scripts and evade detection. Researchers at Google observed malware employing AI capabilities mid-execution, marking a significant step towards more autonomous and adaptive threats. Experimental malware like PROMPTFLUX and PROMPTSTEAL show how attackers are integrating AI into future intrusion activities. The marketplace for AI tools purpose-built for criminal behavior is growing, making sophisticated tools accessible to low-level criminals.

Also Read

APT Group Exploits Zero-Day Vulnerabilities in Cisco and Citrix Systems

Amazon’s threat intelligence division uncovered a cyber-espionage campaign where an advanced persistent threat (APT) group exploited zero-day vulnerabilities in Cisco and Citrix systems. The attackers targeted critical identity and network access control infrastructure, using undisclosed flaws before vendors released patches. Amazon’s MadPot honeypot service detected the exploitation attempts, leading to the identification of CVE-2025-5777 and CVE-2025-20337. The threat actor deployed a custom web shell disguised as a legitimate component, operating in-memory and using advanced encryption techniques. Security teams are advised to implement defense-in-depth strategies and closely monitor for anomalous activity.

By Cyber Security News by CyberSum.netNovember 13, 2025 at 12:00 PM