
Novel malware taps GPT-4 for ransomware creation


OpenAI's GPT-4 large language model has been harnessed by the newly identified MalTerminal malware to facilitate ransomware and reverse shell generation, Cyber Security News reports.

SentinelOne SentinelLabs researchers describe MalTerminal as the first LLM-enabled malware, after discovering that it uses an OpenAI API endpoint, which indicates that it was created prior to November 2023.

When the malware is executed, operators select between 'ransomware' and 'reverse shell' creation, and GPT-4 is then asked to produce the malicious Python code at runtime, while evading analysis and signature-based detection systems, according to the research, which was presented at this year's LABScon security conference. Additional findings revealed that MalTerminal's developer also created the 'FalconShield' malware scanner.

The development follows ESET's discovery of the Golang-based PromptLock ransomware, which exploits the Ollama API to enable local LLM execution and real-time generation of illicit Lua scripts from pre-defined prompts. Researchers at New York University's Tandon School of Engineering later admitted to having developed PromptLock.
