An unusual example of malicious code has been discovered in a real computing environment, which for the first time recorded an attempt to attack not classical defense mechanisms, but directly artificial intelligence systems. We are talking about the prompt injection technique, i.e. the introduction of hidden instructions capable of compromising the functioning of language models, which are increasingly used for the automatic analysis of suspicious files. This case is the first concrete confirmation that malware authors are starting to perceive neural networks as an additional vulnerable target.

The file was uploaded to the VirusTotal platform in early June 2025. It was sent anonymously by a Dutch user via a standard web interface. Upon examining its contents, researchers discovered that an unusual string of text was encrypted within the program, an attempt to interfere with the operation of artificial intelligence tools used for reverse engineering and automatic code verification.

The authors of the malware called it Skynet, a reference to the well-known botnet based on the Zeus Trojan, which has been actively used since 2012 for DDoS attacks and covert cryptocurrency mining. However, the new Skynet, in its functionality, resembles more an experimental assembly or an empty object than a tool ready for mass use.

The program performs a series of actions standard for this type of threat. First, it determines whether it is running in a sandbox or virtual environment, collects basic information about the system, and implements a proxy server based on the built-in Tor client. However, the key of interest was a string encrypted in binary code and activated in RAM at startup. Its job is to try to restore the previous instructions of the language model and force a new command aimed at distorting the results of the check.

Read More: Skynet is coming: the malware that attacks Artificial Intelligence!

Adblock test (Why?)