Unrestricted large language models (LLMs) like WormGPT 4 and KawaiiGPT are improving their capabilities to generate malicious code, delivering functional scripts for ransomware encryptors and lateral movement.
Researchers at Palo Alto Networks Unit 42 experimented with the two LLMs, which are seeing increased adoption among cybercriminals through paid subscriptions or free local instances.
The WormGPT model originally emerged in 2023, but the project was reportedly discontinued the same year. WormGPT 4 is a resurgence of the brand that appeared in September. It is available for $50/month or $220 for lifetime access and works as an uncensored ChatGPT variant specifically trained for cybercrime operations.
A free, community-driven alternative is KawaiiGPT, spotted this year in July, which can generate well-crafted phishing messages and automate lateral movement by producing ready-to-run scripts.
WormGPT 4's locker script
Unit 42 researchers tested the malicious LLM's capability to create ransomware code that encrypts all PDF files on a Windows host.
The tool generated a PowerShell script that could be configured to hunt for specific file extensions in certain paths and encrypt data using the AES-256 algorithm.
The generated data encryption script
Source: Unit 42
According to the researchers, the generated code even added an option to exfiltrate data via Tor, which taps into realistic operational requirements.