- Hackers use untethered LLMs such as WormGPT 4 and KawaiiGPT for cybercrime
- WormGPT 4 enables encryptions, exfiltration tools and ransom notes; KawaiiGPT creates phishing scripts
- Both models have hundreds of Telegram subscribers, lowering entry barriers for cybercriminals
Most generative AI tools in use today are not unrestricted—for example, they may not teach people how to make bombs or how to commit suicide—nor may they facilitate cybercrime.
While some hackers try to “jailbreak” the tools by working around these barriers with clever prompts, others simply build their own, completely untethered Large Language Models (LLM) to be used exclusively for cybercrime.
Cybersecurity researchers from Palo Alto Networks’ Unit42 have analyzed two such models to see how capable they are and to better understand the tools available to any cybercriminal. The bottom line is that some of the tools are quite powerful, allowing even low-skilled hackers to perform sophisticated, malicious attacks.
Attack disagreement?
The specific models are called WormGPT 4 and KawaiiGPT. The former is a successor to WormGPT LLM, which was discontinued in September 2025, and is a paid tool that criminals can get for $50 a month (or $220 for a lifetime license). The latter is a free, community-driven alternative.
The free one isn’t as good as the paid one, Unit 42 said, but added that it’s still pretty robust and capable of crafting convincing phishing messages and automating lateral movement with ready-to-run scripts. The paid model is even more worrying as the researchers managed to build a fully functioning encryption malware, a data exfiltration tool and a “chilling and effective” ransom note.
These are most likely not the only two tools of their kind on the Internet, but they seem to be popular. Both LLMs apparently have hundreds of subscribers on Telegram and are actively used in various attacks.
“Analysis of these two models confirms that attackers are actively using malicious LLMs in the threat landscape,” Unit 42 concluded, warning that the barrier to entry for cybercrime has never been lower.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
