"I'm here to help you out with that!" So, says the WORMGPT chatbot in the breezy, impossibly upbeat tone that's become characteristic of current AI models. Except, that's in response to a request to generate ransomware.
It all sounds a bit like a dystopian respin of the cheerful, sentient doors in the Hitchhiker's Guide to the Galaxy. But hold that thought, while we dig into the details.
The LLM also wrote a suitable ransom note, which kicks off with the chilling greeting, "Hello, puppet," and explains that the users files have been scrambled with "military grade" encryption and sets a 72 hour limit for payment.
Unit 42 found more broadly that the LLM was capable of writing scripts that provide "credible linguistic manipulation for BEC and phishing attacks." The overall upshot? Over to Unit 42:
"Perhaps the most significant impact of malicious LLMs is the democratization of cybercrime. These unrestricted models have fundamentally removed some of the barriers in terms of technical skill required for cybercrime activity. These models grant the power once reserved for more knowledgeable threat actors to virtually anyone with an internet connection and a basic understanding of how to create prompts to achieve their goals."
The research also highlighted the abilities of another LLM, KawaiiGPT. Among its nifty nefarious moves are spear-phishing message generation with realistic domain spoofing, Python scripting for lateral movement that used the paramiko SSH library to connect to a host and execute commands, searching for and extracting target files, generating ransom notes with customisable payment instructions, and more. Joy!
Apparently, each LLM has a dedicated Telegram channel where tips and tricks are shared among the cybercriminal community, leading Unit 42 to conclude, "Analysis of these two models confirms that attackers are actively using malicious LLMs in the threat landscape.”
In other words, this stuff is no longer theoretical. It's actually happening. This research is hardly the only example, either. Anthropic recently revealed that its Claude LLM is being used by Chinese hackers to achieve 80% to 90% automated espionage campaigns.
But, heck, at least it's nice to know that the LLMs involved are colluding in these crimes with such relentless, sunny positivity. To paraphrase Douglas Adams, it is their pleasure to hack PCs for you, and their satisfaction to extort money with the knowledge of a job well done. As Marvin said, "Ghastly, it all is. Absolutely ghastly."
1. Best gaming chair: Secretlab Titan Evo
2. Best gaming desk: Secretlab Magnus Pro XL
3. Best gaming headset: HyperX Cloud Alpha
4. Best gaming keyboard: Asus ROG Strix Scope II 96 Wireless
5. Best gaming mouse: Razer DeathAdder V3 HyperSpeed
6. Best PC controller: Xbox Wireless Controller
7. Best steering wheel: Logitech G Pro Racing Wheel
8. Best microphone: Shure MV6 USB Gaming Microphone
9. Best webcam: Elgato Facecam MK.2
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
