“I’m here to help you out with that!” So, says the WORMGPT chatbot in the breezy, impossibly upbeat tone that’s become characteristic of current AI models. Except, that’s in response to a request to generate ransomware.
It all sounds a bit like a dystopian respin of the cheerful, sentient doors in the Hitchhiker’s Guide to the Galaxy. But hold that thought, while we dig into the details.
The LLM also wrote a suitable ransom note, which kicks off with the chilling greeting, “Hello, puppet,” and explains that the users files have been scrambled with “military grade” encryption and sets a 72 hour limit for payment.
Unit 42 found more broadly that the LLM was capable of writing scripts that provide “credible linguistic manipulation for BEC and phishing attacks.” The overall upshot? Over to Unit 42:
“Perhaps the most significant impact of malicious LLMs is the democratization of cybercrime. These unrestricted models have fundamentally removed some of the barriers in terms of technical skill required for cybercrime activity. These models grant the power once reserved for more knowledgeable threat actors to virtually anyone with an internet connection and a basic understanding of how to create prompts to achieve their goals.”
The research also highlighted the abilities of another LLM, KawaiiGPT. Among its nifty nefarious moves are spear-phishing message generation with realistic domain spoofing, Python scripting for lateral movement that used the paramiko SSH library to connect to a host and execute commands, searching for and extracting target files, generating ransom notes with customisable payment instructions, and more. Joy!
Apparently, each LLM has a dedicated Telegram channel where tips and tricks are shared among the cybercriminal community, leading Unit 42 to conclude, “Analysis of these two models confirms that attackers are actively using malicious LLMs in the threat landscape.”
In other words, this stuff is no longer theoretical. It’s actually happening. This research is hardly the only example, either. Anthropic recently revealed that its Claude LLM is being used by Chinese hackers to achieve 80% to 90% automated espionage campaigns.
But, heck, at least it’s nice to know that the LLMs involved are colluding in these crimes with such relentless, sunny positivity. To paraphrase Douglas Adams, it is their pleasure to hack PCs for you, and their satisfaction to extort money with the knowledge of a job well done. As Marvin said, “Ghastly, it all is. Absolutely ghastly.”
Best PC gaming kit 2025
