Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Malicious LLM underground market commoditizes low-level hacking help

Threat Actor Meta
First reported
Last updated
Happening score
H score 0
1 unique sources, 1 articles

Summary

Hide ▲

The malicious LLM underground market is making low-level hacking assistance more accessible, letting cybercriminals buy offensive and dual-use models instead of building custom prompts from scratch. These models are sold on dark web forums with tiered subscription plans, showing a more organized criminal service economy. The offerings can automate vulnerability scanning, data exfiltration, and even the drafting of phishing emails or ransomware notes. By removing ethical constraints and safety filters, the market lowers the skill bar and speeds up tailored abuse at scale.

Related Happenings

Malicious LLM testing shows WormGPT 4 and KawaiiGPT generating reusable ransomware, phishing, and lateral-movement code

Technical Analysis
First: 27.11.2025 19:15 Last: 27.11.2025 19:15 Sources 1

About this happening: Malicious **LLMs** such as **WormGPT 4** and **KawaiiGPT** are now generating reusable offensive code, raising the risk that **low-skilled attackers** can run ransomware, phishing...

Open Happening

Timeline

  1. 02.12.2025 16:17 2 articles · 5mo ago

    Malicious LLM underground market commoditizes hacking assistance

    Initial Disclosure

    Cybercriminals are selling malicious large language models on dark web forums through tiered subscription plans, packaging them as purpose-built offensive models or dual-use penetration testing tools that can automate vulnerability scanning, data encryption, data exfiltration, and the drafting of phishing emails or ransomware notes. The market lowers the skill bar for abusive use by making low-level hacking help easier to buy and reuse at scale.

    Show sources
    Open in new tab