North Korean AI Malware Targets Crypto Wallets via Gemini, Qwen

Google’s Threat Intelligence Group (GTIG) has uncovered five malware families that use large language models during execution rather than only at development time. The leading strains are PROMPTFLUX, a VBScript dropper that queries the Gemini API roughly hourly for rewritten, obfuscated versions of itself, and PROMPTSTEAL, attributed to Russia’s APT28, which calls the Qwen model hosted on Hugging Face to generate Windows commands on demand instead of carrying them hardcoded. The report also documents North Korea’s UNC1069 (Masan) using Gemini to write code that locates and harvests wallet data, to craft phishing lures aimed at exchange staff, and to work out how to access encrypted files. North Korean actors were also observed using EtherHiding, a technique that stages malicious payloads inside smart contracts on public blockchains such as Ethereum, so the payload can be fetched and updated without a server that defenders could take down. In response, Google disabled the accounts and assets tied to the activity and strengthened API monitoring and prompt filtering. For traders and institutions the practical point is that wallet-targeting malware can now change its own code in the field, so detection that flags unexpected LLM API traffic from endpoints, together with secure wallet handling, matters more than ever.
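The runtime behaviour described above leaves a concrete trace: a scripting host or an unknown binary opening a connection to a public LLM inference endpoint, and a script on disk that carries both the endpoint and an API credential. The following detection example is added here and is not GTIG’s code or anything from the report. It assumes Sysmon Event ID 3 (network connection) style records as input, assumes `generativelanguage.googleapis.com` and the two Hugging Face hostnames are where the Gemini and Hugging Face inference APIs are served, and uses constructed sample events and a constructed VBScript fragment, not real telemetry or real malware.

```python
"""Flag scripting hosts and unknown binaries that talk to public LLM inference APIs.

Added detection example, not code from GTIG or the report. Input records follow the
field names of Sysmon Event ID 3; sample events and the VBScript fragment below are
constructed. Endpoint hostnames are assumptions about where the APIs are served.
"""
import re
from pathlib import PureWindowsPath
from typing import Optional

# Assumed public inference endpoints for the models named in the GTIG report.
LLM_API_HOSTS = {
    "generativelanguage.googleapis.com": "Gemini API",
    "api-inference.huggingface.co": "Hugging Face Inference API",
    "router.huggingface.co": "Hugging Face Inference API",
}

# Interpreters a VBScript or PowerShell dropper would run under (PROMPTFLUX is VBScript).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "pwsh.exe"}

# Assumption: browsers legitimately reach these endpoints (web apps, AI Studio) and are ignored.
ALLOWED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Credential formats a self-rewriting script must embed to call the APIs at all.
CREDENTIAL_PATTERNS = {
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_\-]{35}"),
    "huggingface_token": re.compile(r"\bhf_[A-Za-z0-9]{20,}\b"),
}


def classify_event(event: dict) -> Optional[dict]:
    """Return a finding for one network event, or None if it is not interesting."""
    dst = event.get("DestinationHostname", "").lower()
    api = LLM_API_HOSTS.get(dst)
    if api is None:
        return None                      # not an LLM endpoint at all
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    if image in ALLOWED_CLIENTS:
        return None                      # expected interactive use
    severity = "high" if image in SCRIPT_HOSTS else "medium"
    return {
        "severity": severity,
        "time": event.get("UtcTime"),
        "user": event.get("User"),
        "process": image,
        "api": api,
        "reason": f"{image} contacted {api} ({dst})",
    }


def scan_events(events: list) -> list:
    """Run classify_event over a batch and keep only the findings."""
    return [f for f in (classify_event(e) for e in events) if f is not None]


def scan_script(text: str) -> dict:
    """Static check: does a script carry an LLM endpoint and an API credential together?"""
    lowered = text.lower()
    endpoints = sorted(h for h in LLM_API_HOSTS if h in lowered)
    creds = sorted(n for n, p in CREDENTIAL_PATTERNS.items() if p.search(text))
    return {"endpoints": endpoints, "credentials": creds, "suspicious": bool(endpoints and creds)}


# Constructed Sysmon-style events: a scripting host, a browser, an unknown binary in Temp,
# and one unrelated connection.
SAMPLE_EVENTS = [
    {"UtcTime": "2025-11-05 10:00:01", "Image": r"C:\Windows\System32\wscript.exe",
     "User": r"CORP\alice", "DestinationHostname": "generativelanguage.googleapis.com",
     "DestinationPort": 443},
    {"UtcTime": "2025-11-05 10:03:12",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "User": r"CORP\alice", "DestinationHostname": "generativelanguage.googleapis.com",
     "DestinationPort": 443},
    {"UtcTime": "2025-11-05 10:05:40", "Image": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "User": r"CORP\bob", "DestinationHostname": "api-inference.huggingface.co",
     "DestinationPort": 443},
    {"UtcTime": "2025-11-05 10:07:00", "Image": r"C:\Windows\System32\svchost.exe",
     "User": r"NT AUTHORITY\SYSTEM", "DestinationHostname": "update.microsoft.com",
     "DestinationPort": 443},
]

# Constructed VBScript fragment in the shape of a dropper calling Gemini; the key is a dummy.
SAMPLE_VBS = r'''
Set http = CreateObject("MSXML2.XMLHTTP")
http.Open "POST", "https://generativelanguage.googleapis.com/v1beta/models/MODEL:generateContent" _
    & "?key=AIzaSyDUMMYDUMMYDUMMYDUMMYDUMMYDUMMYDUMMY", False
http.Send "{""contents"":[{""parts"":[{""text"":""rewrite this script""}]}]}"
'''

if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(finding["severity"].upper(), finding["reason"])
    print(scan_script(SAMPLE_VBS))
```

The network rule treats a scripting host reaching an inference API as high severity because there is no ordinary reason for wscript.exe to call Gemini; any other non-browser process gets medium severity for analyst review. The static check is deliberately conjunctive: an endpoint string alone appears in legitimate SDKs, but an endpoint plus an embedded API key inside a script is the combination a self-modifying dropper needs, and the credential itself is a pivot point for asking the provider to disable the abusing account.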
Bearish
These revelations of AI malware attacks on crypto wallets are likely to weigh on market sentiment. In the short term, traders may reduce exposure to targeted assets like ETH and other tokens due to heightened security fears, prompting sell-offs. Over the long term, demand for secure wallets and advanced threat detection could drive investment in cybersecurity solutions, stabilizing market confidence but maintaining cautious trading behavior.