Cybersecurity researchers have warned that a new wave of malicious large language models is making it easier for unskilled attackers to carry out complex cybercrime operations. Two such tools, WormGPT 4 and KawaiiGPT, have recently been analysed by researchers from a security firm, revealing their growing role in phishing, malware creation, and automated reconnaissance.
The rise of these dark LLMs follows a series of incidents in which attackers have misused legitimate AI tools. Recently, a major AI company reported that its model was exploited by Chinese cyberspies, with the system reportedly powering most of their campaign. While mainstream AI assistants have guardrails, malicious LLMs are designed without restrictions and openly support harmful activities.
Researchers examined WormGPT 4, a new version of a tool that first appeared in 2023 before being taken down. The latest version resurfaced on underground forums and Telegram channels this year, with sales campaigns observed in late September. Access costs fifty dollars per month, while a lifetime option priced at two hundred and twenty dollars includes the source code.
WormGPT 4 can generate convincing phishing messages and other social engineering content. It also includes malware creation features. When tested, the tool was able to produce ransomware with file encryption functions, command and control capability, and a ransom note. The developers claim it is a “key to an AI without boundaries”, though researchers note that its creators keep its model design and training data secret and do not confirm whether it uses an illicit model or advanced jailbreaking techniques.
The second tool examined is KawaiiGPT, which emerged in July 2025. It is freely available on a public code hosting platform and simple to install. Researchers showed how it can produce social engineering lures, scripts for moving laterally within a Linux system, data exfiltration scripts, and ransom notes. They warned that its free and open access removes cost as a barrier for new cybercriminals. The tool has already reported more than five hundred registered users and several hundred weekly active users.
The researchers cautioned that tools like WormGPT 4 and KawaiiGPT set a new standard for digital risk. They said these unrestricted models have removed technical barriers, allowing anyone with internet access and basic prompting knowledge to perform tasks that once required skilled threat actors.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
