- Hackers use offline LLMs like WormGPT 4 and KawaiiGPT for cybercrime
- WormGPT 4 enables encryptors, exfiltration tools and ransom notes; KawaiiGPT creates phishing scripts
- Both models have hundreds of Telegram subscribers, reducing the barriers to entry for cybercrime.
Most generative AI tools used today are not unlimited – for example, they are not allowed to teach people how to make bombs or how to commit suicide – nor are they allowed to facilitate cybercrime.
While some hackers attempt to “jailbreak” tools by bypassing these guardrails using clever prompts, others simply create their own, completely independent Large Language Models (LLMs) to be used exclusively for cybercrime.
Palo Alto Networks Unit 42 cybersecurity researchers analyzed two of these models, to determine their capabilities and to better understand the tools available to each cybercriminal. The bottom line is that some tools are quite powerful, allowing even unskilled hackers to launch sophisticated and damaging attacks.
Attack Discord?
The specific models are called WormGPT 4 and KawaiiGPT. The first is the successor to the WormGPT LLM which was discontinued in September 2025 and is a paid tool that criminals can obtain for $50 per month (or $220 for a lifetime license). The latter is a free and community alternative.
The free version isn’t as good as the paid version, Unit 42 said, but added that it’s still pretty robust and capable of creating compelling phishing messages and automating lateral moves with ready-made scripts. The paid model is even more troubling, since researchers managed to create fully functional encryption malware, a data exfiltration tool, and a “creepy and effective” ransom note.
These are probably not the only two tools of this type on the Internet, but they seem to be popular. Both LLMs apparently have hundreds of subscribers on Telegram and are actively used in various attacks.
“Analysis of these two models confirms that attackers are actively using malicious LLMs across the threat landscape,” Unit 42 concluded, warning that the barrier to entry into cybercrime has never been lower.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
