Cybersecurity researchers have identified what is believed to be the earliest known instance of malware that leverages a Large Language Model (LLM) to generate malicious code at runtime. <\/p>\n
Dubbed \u2018MalTerminal<\/a>\u2019 by SentinelLABS, the malware uses OpenAI\u2019s GPT-4 to dynamically create ransomware code and reverse shells, presenting a new and formidable challenge for detection and threat analysis.<\/p>\n The discovery highlights a significant shift in adversary tradecraft, where the malicious logic is not hardcoded into the malware itself but is generated on-the-fly by an external AI model. <\/p>\n This approach can render traditional security measures, such as static signatures, ineffective, as the code can be unique for each execution. The findings were part of broader research into how threat actors are weaponizing LLMs.<\/p>\n Unlike other adversarial uses of AI, such as creating convincing phishing emails or using AI software as a lure, LLM-enabled malware embeds the model\u2019s capabilities directly into its payload. This allows the malware to adapt its behavior based on the target environment.<\/p>\n SentinelLABS researchers established a clear definition for this threat, distinguishing it from malware simply created by<\/em> an LLM, which they note remains immature.<\/p>\n The primary concern with LLM-enabled malware is its unpredictability. By offloading code generation to an LLM, the malware\u2019s actions can vary significantly, making it difficult for security tools to anticipate and block its behavior. <\/p>\n Prior documented cases like PromptLock<\/a>, a proof-of-concept ransomware, and LameHug (or PROMPTSTEAL), linked to the Russian APT28 group, demonstrated how LLMs could be used to generate system commands and exfiltrate data. These examples paved the way for hunting more advanced threats.<\/p>\n The breakthrough came from a novel threat-hunting methodology developed by SentinelLABS. Instead of searching for malicious code, researchers hunted for the artifacts of LLM integration: embedded API keys and specific prompt structures.<\/p>\n They wrote YARA rules to detect key patterns for major LLM providers like OpenAI and Anthropic. A year-long retrohunt on VirusTotal<\/a> flagged over 7,000 samples with embedded keys, though most were non-malicious developer errors.<\/p>\n The key to finding MalTerminal was focusing on samples with multiple API keys, a redundancy tactic for malware, and hunting for prompts with malicious intent.<\/p>\n The researchers used an LLM classifier to score the maliciousness of discovered prompts. This strategy led them to a set of Python scripts and a Windows executable named Analysis indicated that it utilized a deprecated OpenAI chat completion API endpoint, which was retired in November 2023. This suggests the malware was developed prior to that date, making it the earliest known sample of its kind.<\/p>\n MalTerminal prompts an operator to choose between deploying ransomware or a reverse shell, then uses GPT-4 to generate the necessary code.<\/p>\nA New Generation Of Adaptable Threats<\/strong><\/h2>\n
MalTerminal.exe<\/code>. <\/p>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhi8tUcSsXh9ON4ycX4-DpuNfADv-Hu3yoWJtOdzHKsnFFmQzv03XIUcHm8fbGRy4lG0OYlJNKbN_j7JPWghI7vMmfFGx11nLR79sDeVqZWPsgeXUSOMir0_gDb8-FEOhOaGV4K7TQ_mQIzW4MO1R0u5b10p_mkFUmT8TuICunsLkzefAMwj-CaVCrvDXSG\/s1767\/llm_enable_malware_1_imresizer.webp?ssl=1\")
<\/figure>\n<\/div>\n