
GPT-4-Powered MalTerminal Malware Demonstrates LLM-Embedded Capabilities

📰 1 unique source, 1 article

Summary


Cybersecurity researchers have identified MalTerminal, malware that leverages OpenAI's GPT-4 to generate ransomware code or reverse shells dynamically. This discovery marks the earliest known example of LLM-embedded malware. MalTerminal was presented at the LABScon 2025 security conference and has not been observed in the wild, suggesting it may be a proof-of-concept or red team tool. The malware includes a deprecated OpenAI API endpoint, indicating it was created before November 2023. Accompanying Python scripts and a defensive tool, FalconShield, were also found. The incorporation of LLMs into malware represents a significant shift in adversary tactics, introducing new challenges for defenders. Additionally, threat actors are using LLMs to bypass email security layers by injecting hidden prompts into phishing emails, exploiting AI-powered security scanners. This technique, combined with LLM Poisoning, allows malicious emails to evade detection and execute attack chains.

Timeline

  1. 20.09.2025 08:48 📰 1 article · ⏱ 1d ago

    GPT-4-Powered MalTerminal Malware Discovered

    Researchers identified MalTerminal, malware that uses OpenAI's GPT-4 to generate ransomware code or reverse shells dynamically. This discovery marks the earliest known example of LLM-embedded malware. The malware includes a deprecated OpenAI API endpoint, indicating it was created before November 2023. Accompanying Python scripts and a defensive tool, FalconShield, were also found. Additionally, threat actors are using LLMs to bypass email security layers by injecting hidden prompts into phishing emails, exploiting AI-powered security scanners. This technique, combined with LLM Poisoning, allows malicious emails to evade detection and execute attack chains. The use of AI-powered hosting platforms for phishing attacks has also escalated, with platforms such as Lovable, Netlify, and Vercel being exploited to host fake CAPTCHA pages that lead to credential-harvesting websites.


Information Snippets