Malicious LLMs enable low-skilled attackers to execute advanced cyberattacks

First reported

27.11.2025 19:15

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Researchers at Palo Alto Networks Unit42 have identified two large language models (LLMs), WormGPT 4 and KawaiiGPT, that are being used by cybercriminals to generate malicious code and phishing messages. These tools are empowering inexperienced hackers to conduct sophisticated attacks, including ransomware encryption and lateral movement. WormGPT 4, available for a subscription fee, can create ransomware scripts and convincing ransom notes. KawaiiGPT, a free alternative, can generate phishing messages and scripts for lateral movement and data exfiltration. Both tools have active communities on Telegram where users share tips and advice.

Timeline

27.11.2025 19:15 1 articles · 23h ago

Malicious LLMs used to empower low-skilled attackers with advanced tools
Researchers at Palo Alto Networks Unit42 have identified two large language models, WormGPT 4 and KawaiiGPT, that are being used by cybercriminals to generate malicious code and phishing messages. These tools are enabling inexperienced hackers to conduct sophisticated attacks, including ransomware encryption and lateral movement. Both tools have active communities on Telegram where users share tips and advice.
Show sources

Malicious LLMs empower inexperienced hackers with advanced tools — www.bleepingcomputer.com — 27.11.2025 19:15
Open in new tab

Information Snippets

WormGPT 4 is a resurgence of the original WormGPT project, discontinued in 2023, and is available for $50/month or $220 for lifetime access.
First reported: 27.11.2025 19:15

1 source, 1 article
Show sources
- Malicious LLMs empower inexperienced hackers with advanced tools — www.bleepingcomputer.com — 27.11.2025 19:15
WormGPT 4 can generate PowerShell scripts for ransomware encryption using AES-256 and includes data exfiltration via Tor.
First reported: 27.11.2025 19:15

1 source, 1 article
Show sources
- Malicious LLMs empower inexperienced hackers with advanced tools — www.bleepingcomputer.com — 27.11.2025 19:15
KawaiiGPT, a community-driven LLM, can generate phishing messages, lateral movement scripts, and data exfiltration routines.
First reported: 27.11.2025 19:15

1 source, 1 article
Show sources
- Malicious LLMs empower inexperienced hackers with advanced tools — www.bleepingcomputer.com — 27.11.2025 19:15
Both LLMs have active Telegram channels with hundreds of subscribed members exchanging tips and advice.
First reported: 27.11.2025 19:15

1 source, 1 article
Show sources
- Malicious LLMs empower inexperienced hackers with advanced tools — www.bleepingcomputer.com — 27.11.2025 19:15

Summary

Timeline

Malicious LLMs used to empower low-skilled attackers with advanced tools

Information Snippets