HONESTCUE
HONESTCUE is an AI-enabled downloader and launcher framework that leverages Google Gemini’s API to generate or modify second-stage functionality on demand. Reporting states that it sends prompts to Gemini and receives C# source code in response, then uses the legitimate .NET CSharpCodeProvider framework to compile and execute that payload directly in memory, enabling a fileless second stage that downloads and executes additional malware.

Multiple sources also describe HONESTCUE as requesting just-in-time VBScript obfuscation routines from Gemini at runtime so that the bytes on disk change over time, supporting polymorphic behavior and undermining signature-based detection and static analysis. It has been described as sending benign-looking prompts to generate working code that is compiled and executed in memory, apparently to help bypass safety filters.

Google Threat Intelligence Group reported tracking HONESTCUE samples in September 2025 and described the malware as outsourcing functionality generation through Gemini. GTIG stated it had not associated HONESTCUE with an existing threat cluster and suspected it was being developed by a single actor or small group based on iterative sample changes and a single VirusTotal submitter.

High-confidence behaviors directly mentioned in the content include Gemini API use, on-demand malicious C# code generation, in-memory compilation and execution via CSharpCodeProvider, stage-two downloader/launcher functionality, and runtime VBScript obfuscation for evasion.
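A detection-side caveat that the summary above does not spell out: on .NET Framework, CSharpCodeProvider does not compile purely in memory. It writes the generated source and a .cmdline response file to %TEMP%, launches csc.exe against that response file, and only then loads the resulting assembly into memory, so the "fileless" second stage still produces a short-lived csc.exe process-creation event with an unusual parent. The following is an added example written for this page (not code from any report quoted here): it scans constructed Sysmon-style process-creation events for that pattern. The field names, the sample events and the allowlist of legitimate build-tool parents are assumptions to tune for your own estate.

```python
import re
from typing import Dict, List, Optional

# Parents that legitimately drive csc.exe during builds (assumed baseline; tune per estate).
DEV_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe"}

# CodeDOM invokes the compiler as:
#   csc.exe /noconfig /fullpaths @"C:\Users\<u>\AppData\Local\Temp\<rand>\<rand>.cmdline"
CMDLINE_RESPONSE_FILE = re.compile(r'@"?[^"]*\\temp\\[^"]*\.cmdline"?', re.IGNORECASE)

# Constructed sample events modelled on Sysmon Event ID 1 fields (values are made up).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "ParentImage": r"C:\Users\alice\AppData\Roaming\updater.exe",
     "CommandLine": r'csc.exe /noconfig /fullpaths @"C:\Users\alice\AppData\Local\Temp\a1b2\a1b2.cmdline"'},
    {"Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
     "CommandLine": r'csc.exe /noconfig @"C:\Users\alice\AppData\Local\Temp\x9\x9.cmdline"'},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return an alert string for one process-creation event, or None if it looks benign."""
    image = basename(event["Image"])
    if image not in {"csc.exe", "vbc.exe"}:
        return None
    if not CMDLINE_RESPONSE_FILE.search(event["CommandLine"]):
        return None  # compiler run without a temp response file: not the CodeDOM pattern
    parent = basename(event["ParentImage"])
    if parent in DEV_PARENTS:
        return None  # expected build tooling
    return f"runtime .NET compilation: {parent} launched {image} with a %TEMP% response file"


def scan(events: List[Dict[str, str]]) -> List[str]:
    """Run classify() over a batch of events and keep only the alerts."""
    return [alert for alert in map(classify, events) if alert]


if __name__ == "__main__":
    for line in scan(SAMPLE_EVENTS):
        print(line)
```

Pair this with a file-creation watch on *.cmdline and *.cs under %TEMP% if your telemetry has it; the same CodeDOM path also emits those, which is why the process-level rule alone should be tuned against your build hosts first.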
Groups observed using it
3 distinct threat actors attributed by public researchers.
The report identified attempts to coerce disclosure of internal reasoning, AI-assisted reconnaissance by DPRK, PRC, Iranian, and Russian actors, and AI-integrated malware such as HONESTCUE leveraging Gemini’s API for second-stage payload generation.
Techniques & procedures
13 distinct techniques documented for this family, organized by ATT&CK tactic.
Resource Development
2 techniques
"detected a malware called HONESTCUE that leverages Gemini's API to outsource functionality generation for the next-stage" ... "receives C# source code as the response."
threat actors are using large language models to write polymorphic loaders... Public reporting now names specific actor clusters in the wild... APT27... used Gemini to accelerate development of fleet management tooling... APT45... sending thousands of repetitive prompts that recursively analyze CVEs and validate proof-of-concept exploits
Execution
1 technique
HONESTCUE queries Gemini at runtime to request specific VBScript obfuscation routines just-in-time
Stealth
6 techniques
an attacker can ask a fine-tuned open-weights model to regenerate a loader with different control-flow structure, different string encoding, and different sandbox-evasion tells... PROMPTFLUX makes live calls to the Gemini API to dynamically modify itself, HONESTCUE queries Gemini at runtime to request specific VBScript obfuscation routines
...two newly disclosed malware families that leverage AI for evasive techniques such as polymorphism...
PROMPTFLUX makes live calls to the Gemini API to dynamically modify itself, HONESTCUE queries Gemini at runtime to request specific VBScript obfuscation routines just-in-time so the bytes on disk at minute zero differ from the bytes at minute thirty.
Promptflux: A self-morphing dropper that calls the Gemini API to periodically rewrite its own source code, bypassing static signature-based detection.
...the development of evasive malware. The report highlighted two previously discovered and two newly disclosed malware families that leverage AI for evasive techniques...
“...receives source code for a second-stage downloader, compiles it in memory with .NET tools, and executes it without writing files to disk. This fileless approach helps evade detection.”
Discovery
1 technique
Command and Control
4 techniques
"HONESTCUE ... sends a prompt via Google Gemini's API and receives C# source code as the response"
Promptflux: A self-morphing dropper that calls the Gemini API to periodically rewrite its own source code
“...malware called HONESTCUE that uses the Gemini API to generate malicious C# code on demand.”
“Attackers also host payloads on platforms like Discord CDN.”
Recent activity
13 sources tracked across advisories, community write-ups, and news.
A loader that uses Gemini at runtime to generate VBScript obfuscation routines just-in-time, changing its on-disk characteristics over time.
Malware that uses Gemini at runtime to generate VBScript obfuscation routines on demand, changing its on-disk form over time to evade detection.
Just-in-time self-modifying malware that uses the Gemini API to obtain VBScript obfuscation techniques and evade detection.
AI-embedded malware that makes real-time requests for VBScript obfuscation.