Hacking as a Prompt: Malicious LLMs Find Users

WormGPT 4 Sells for $50 Monthly, While KawaiiGPT Goes Open Source Rashmi Ramesh (rashmiramesh_) • December 8, 2025

The cybercrime-as-a-service model has a new product line, with malicious large language models built without ethical guardrails selling on Telegram for $50 monthly or distributed free on GitHub. Sellers tout benefits such as functional ransomware code with AES-256 encryption and Tor-based exfiltration within 30 seconds or Python script for SSH lateral movement with remote shell access in under a minute.

See Also: Ping Identity: Trust Every Digital Moment

Security researchers at Palo Alto Networks' Unit 42 analyzed two such tools, WormGPT 4 and KawaiiGPT, to show how purpose-built offensive LLMs are shifting from theoretical threat to commercialized reality, complete with subscription tiers, active user communities and functional attack code generation.

Threat actors are adopting artificial intelligence to reduce time spent on attack vectors and improve the quality of attacks, Andy Piazza ...