TechRadar
Sead Fadilpašić

Malicious LLMs are letting even unskilled hackers craft dangerous new malware

  • Hackers use untethered LLMs such as WormGPT 4 and KawaiiGPT for cybercrime
  • WormGPT 4 enables encryptors, exfiltration tools, and ransom notes; KawaiiGPT crafts phishing scripts
  • Both models have hundreds of Telegram subscribers, lowering cybercrime entry barriers

Most generative AI tools in use today are not unrestricted - for example, they are not allowed to teach people how to make bombs, or how to commit suicide - and they are also not allowed to facilitate cybercrime.

While some hackers try to “jailbreak” the tools by working around those guardrails with smart prompts, others simply build their own, completely untethered Large Language Models (LLMs), to be used for cybercrime exclusively.

Cybersecurity researchers from Palo Alto Networks’ Unit 42 have analyzed two such models, to see how capable they are, and to better understand the tools at every cybercriminal’s disposal. The conclusion is that some of the tools are quite powerful, allowing even low-skilled hackers to run sophisticated, damaging attacks.

Attacking Discord?

The specific models are called WormGPT 4 and KawaiiGPT. The former is a successor to the WormGPT LLM which was discontinued in September 2025, and is a paid tool that criminals can get for $50 a month (or $220 for a lifetime license). The latter is a free, community-powered alternative.

The free one is not as good as the paid one, Unit 42 said, but added that it’s still rather robust and capable of crafting convincing phishing messages and automating lateral movement with ready-to-run scripts. The paid model is even more troubling, since the researchers managed to build a fully functioning encryptor malware, a data exfiltration tool, and a “chilling and effective” ransom note.

These are most likely not the only two tools of their kind on the internet, but they seem to be popular. Both LLMs apparently have hundreds of subscribers on Telegram and are being actively used in various attacks.

“Analysis of these two models confirms that attackers are actively using malicious LLMs in the threat landscape,” Unit 42 concluded, warning that the barrier for entry into cybercrime has never been lower.

Via BleepingComputer
