Google reports that state hackers from China, Russia and Iran are using Gemini in ‘all stages’ of attacks — phishing lures, coding and vulnerability testing get


Although Google confirmed it hadn't seen these assets deployed in the wild, suggesting this use of Gemini may still be in its nascent stages, it took the activity seriously. To mitigate any potential negative effects, Google disabled assets associated with these actors' activities, and Google DeepMind, in turn, used these insights to improve its protections against misuse of Gemini services.

Gemini is now less likely to assist in generating this kind of content in the future.

But under the hood, Xanthorox is just an API that leverages existing general AI models like Gemini.

"This setup leverages a key abuse vector: the integration of multiple open-source AI products—specifically Crush, Hexstrike AI, LibreChat-AI, and Open WebUI—opportunistically leveraged via Model Context Protocol (MCP) servers to build an agentic AI service upon commercial models," Google explains.

Google highlights that because these kinds of tools require lots of API calls to the various AI models, organizations with large allocations of API tokens become excellent targets for account hijacking. This is creating a black market for API keys, adding a financial incentive to acquire them, and making it more important for organizations to secure both the keys and their employees' access to AI tools.

Google did observe some actors attempting to use Gemini and other AI to augment existing malware and generate new malicious software. Although it claims not to have noted any particular advances in this area, it is something being actively explored and is likely to advance in the future.

HonestCue is one proof-of-concept AI malware framework that uses Gemini to generate code for second-stage malware: the malware infects a machine, then contacts Gemini to generate new code for a second attack. Google also noted a ClickFix campaign that used social engineering within a chatbot to encourage users to download malicious files, bypassing security methods.

As Google tracks these attempts, and others by state actors, it continues to disable accounts, block access to assets, and update the Gemini model so it's less susceptible to these kinds of manipulations and attacks in the future. Like traditional anti-malware defences, though, defending against AI-enabled attacks looks set to be a cat-and-mouse game that is unlikely to end any time soon.

Jon Martindale is a contributing writer for Tom's Hardware. For the past 20 years, he's been writing about PC components, emerging technologies, and the latest software advances. His deep and broad journalistic experience gives him unique insights into the most exciting technology trends of today and tomorrow.
