- Google’s Threat Analysis Group discovered new malware exploiting LLM vulnerabilities.
- State-backed hackers from multiple countries involved.
- Significant impact on digital finance cybersecurity.
Google’s Threat Analysis Group recently identified North Korean-linked hackers exploiting large language models to enhance malware and target digital assets globally.
This highlights growing cyber risks in cryptocurrency, where sophisticated phishing and evasion tactics threaten digital asset security, prompting enhanced defenses.
Google Unveils Five New Malware Types Exploiting AI
Google’s Threat Analysis Group found at least five new types of malware that exploit LLMs such as Gemini and Qwen 2.5-Coder, used by state-backed hackers from North Korea, Iran, China, and Russia. The models are being used for phishing and evasion.
The immediate change is the abuse of LLMs’ real-time code generation to bypass conventional security. This produces dynamic, hard-to-detect malware, which poses a significant threat to digital asset holders. Google is working to mitigate these issues by equipping Gemini with enhanced capabilities.
“We’re equipping Gemini with new capabilities to address obfuscation techniques and obtain real-time insights on indicators of compromise (IOCs).” — Andrés Ramírez, Security Lead, Google Cloud
Crypto Community Urges Stricter AI Model Security
Did you know? UNC1069 has a history of targeting high-value crypto wallets with spear-phishing. Its evolving tactics, which leverage AI models, create an unprecedented threat to cryptocurrency security frameworks.
As of November 7, 2025, according to CoinMarketCap, Ethereum (ETH) trades at $3,462.25 with a market cap of 417,882,529,935. Over 24 hours, trading volume shows a 13.14% increase, while the asset shows a 4.99% rise over the same timeframe.
The Coincu research team highlights the rise of AI model exploitation as a critical cybersecurity threat. Adapting LLM technology requires robust regulatory frameworks and technical countermeasures to prevent misuse. There’s also a pressing need to explore enhanced security collaborations among industry players.
Source: https://coincu.com/scam-alert/google-llm-malware-hackers/
