- Hackers use untethered LLMs like WormGPT 4 and KawaiiGPT for cybercrime
- WormGPT 4 enables encryptors, exfiltration tools and ransom notes; KawaiiGPT creates phishing scripts
- Both models have hundreds of Telegram subscribers, which reduces the barriers to entry for cybercrime
Most generative AI tools in use today are not free of restrictions (for example, they are not allowed to teach people how to make bombs or how to commit suicide) and they are not allowed to facilitate cybercrime.
While some hackers attempt to jailbreak tools by bypassing those security barriers with smart prompts, others simply build their own completely independent large language models (LLMs) for use exclusively in cybercrime.
Cybersecurity researchers at Palo Alto Networks Unit 42 have analyzed two of these models to see how capable they are and to better understand the tools at the disposal of each cybercriminal. The bottom line is that some of the tools are quite powerful and allow even poorly trained hackers to execute sophisticated and damaging attacks.
Attacking discord?
The specific models are called WormGPT 4 and KawaiiGPT. The first is a successor to WormGPT LLM, which was discontinued in September 2025, and is a paid tool that criminals can get for $50 a month (or $220 for a lifetime license). The latter is a free, community-driven alternative.
The free one is not as good as the paid one, Unit 42 said, but added that it is still quite robust and capable of crafting convincing phishing messages and automating lateral movement with ready-to-run scripts. The paid model is even more worrying, as the researchers managed to create a fully functional encrypting malware, a data exfiltration tool, and a “chilling and effective” ransom note.
These are probably not the only two tools of this type on the Internet, but they seem to be popular. Both LLMs apparently have hundreds of subscribers on Telegram and are being actively used in various attacks.
“Analysis of these two models confirms that attackers are actively using malicious LLM in the threat landscape,” Unit 42 concluded, warning that the barrier to entry for cybercrime has never been lower.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
