Hey Google (AI), Create Me Some Malware. (Please)

Google has revealed that just in the past year dozens of hacking groups in two dozen countries have been detected using Google’s AI agent Gemini to write malware, look for vulnerabilities and target organizations for attack.

Among other nefarious tasks.

Hackers have used regular Google for years to profile organizations, so that is not really different, just a bit easier. Now you can ask it who is the organization’s CEO and what social media platforms does it frequently post to – among many other questions that Google’s AI will, for the most part, cheerfully answer.

But now hackers from China, Iran, Russia and North Korea have figured out (it is not THAT hard) how to use Google’s AI to attack you. And you even get to pay the bill for it hacking you.

Here is the cool (and dangerous part).

Knowing that Google has an insatiable appetite to steal your data, they create data that looks sort of innocuous to entice Google to ingest it.

HOWEVER, this data has another purpose.

Seeded inside the data are malicious instructions that Gemini also ingests.

And, hopefully (at least for the hackers), Gemini will spit out when you ask a question.

And no, it is unlikely that your anti-malware software will detect it. Possible but not likely. It might detect follow-on actions that the malware takes like trying to modify a system file or stealing your data. It might. Maybe.

China and Iran are the most active. North Korea mostly seems to use it to write cover letters for fake IT jobs.

And no, this is not limited to Google – they are just the ones who are publicly talking about it.

Unfortunately, this is a hard one for you to detect and protect yourself from.

Credit: Metacurity

by