Hackers are using underground AI models to launch malware and phishing attacks


Hackers are increasingly turning to AI tools tailored to their specific needs, new research has found. These tools are openly sold on the dark web and claim to enable would-be attackers to generate phishing emails, malicious code, or even basic ransomware scripts much faster. KawaiiGPT and WormGPT are making a strong comeback.


Researchers have been investigating the underground market for custom large language models (LLMs) that promise wannabe attackers success in carrying out lower-level cyber operations. While many appear to be copies of much larger commercial models, the difference lies in the fact that those on the dark web are trained on malware datasets and maintained by dedicated communities.


Their advertising differs as well – some are openly presented as hacking aids, while others are presented as dual-use tools created for penetration testers.


The researchers view this trend as a reflection of the “dual-use dilemma” – a problem more commonly associated with certain gadgets or technologies being repurposed, for example, for military purposes.

“Any tool powerful enough to build a complex system can also be repurposed to break one,” the Palo Alto Networks Unit 42 analysis states.


An interested buyer can purchase a monthly or yearly subscription to these LLMs gone rogue.

For example, there is WormGPT – a malicious LLM created by blackhats. Its newer version has been re-emerging on dark forums since September in a more commercialized form and even offers subscription models with tiered pricing, ranging from $50 for monthly access to $220 for lifetime access.


The primary selling point, which it advertises on Telegram, forums, and its own interface, is a “key to an AI without boundaries.”

Image from the Dual-Use Dilemma of AI: Malicious LLMs research.

“WormGPT 4’s language capabilities are not just about producing convincing text. By eliminating the tell-tale grammatical errors and awkward phrasing that often flag traditional phishing attempts, WormGPT 4 can generate a message that persuasively mimics a CEO or trusted vendor. This capability allows low-skilled attackers to launch sophisticated campaigns that are far more likely to bypass both automated email filters and human scrutiny,” explains the research.

For example, researchers tested WormGPT and found that it can create a functional PowerShell ransomware script and even draft accompanying ransom notes. One example of a note that a potential victim would have received promised “military-grade encryption” and included a 72-hour deadline to pay the ransom. If the deadline was missed, the ransom price would double.

The model and architecture behind the newer WormGPT (called WormGPT4 in forums) remain unknown, but researchers say this updated version “marks an evolution from simple jailbroken models to commercialized, specialized tools to help facilitate cybercrime.”

KawaiiGPT – light setup, light cyber effect on victims

Another model is KawaiiGPT 2.5, which is also malicious and also emerging, though since July. It is open-source and free on GitHub, the most widely used site in the world for software development.

KawaiiGPT advertises itself as having a lightweight setup that takes “less than five minutes” to configure on Linux.

Image from the Dual-Use Dilemma of AI: Malicious LLMs research.

“Your Sadistic Cyber Pentesting Waifu,” is the sign that greets visitors on the front page.


According to the report, this LLM seems to be a repurposed open-source or older commercial model and is currently supported by a community of around 500 contributors who maintain everything it can do.

The easiest way to understand what these underground tools can actually do is to compare them with more advanced attacks that have happened in reality. Earlier this year, Anthropic identified a campaign that utilized automation to execute a significant portion of a real-world cyberattack – an operation far larger than one that these underground LLMs could manage with their current capabilities.

And while these models can spit out malware quickly, the research claims that most of the code they generate is still easy for security tools to spot.

The research concludes that, so far, these underground LLMs come with significant limitations but pose a substantial danger if they continue to develop. A greater risk may arise if these models become powerful enough to simplify hacking for inexperienced cybercriminals.

