Researchers expose MalTerminal, an LLM-enabled malware pioneer
SentinelLABS researchers discovered MalTerminal, the earliest known LLM-enabled malware. It generates its malicious logic at runtime, which makes detection more complex. The researchers identified it by hunting for API key patterns and prompt structures, uncovering additional samples and other offensive LLM uses, such as people-search agents, red team tools, and LLM-assisted vulnerability injection utilities.
Researchers analyzed how threat actors integrate LLMs into malware development and the challenges this poses for defenders. Unlike traditional threats, LLM-enabled malware can generate code dynamically, making detection harder. The experts warn that attackers can exploit LLMs in several ways: lures built around fake AI tools, attacks on LLM-integrated apps, manual refinement of LLM-generated malware, “hacking sidekick” use for phishing or coding support, and embedding LLMs directly into malware for operational advantage.
Researchers hunted for LLM-enabled malware by targeting its two dependencies: API keys and prompts. Since most threat actors rely on commercial LLM services, their malware must embed identifiable keys and structured prompts. The team used YARA rules to detect provider-specific key patterns, uncovering over 7,000 samples (mostly non-malicious key leaks, but some linked to real malware). They also searched binaries for hardcoded prompts, using LLM classifiers to flag malicious intent.
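The report does not publish the actual hunting rules; as a rough illustration of the approach, the sketch below uses the yara-python bindings to flag OpenAI-style "sk-" key candidates and prompt-like strings in arbitrary files. The key regex, the prompt keywords, and the scanning harness are assumptions for illustration, not the rules SentinelLABS used.

```python
# Minimal sketch: hunting for embedded LLM-provider API keys and prompt strings
# with yara-python. The key regex approximates the historical OpenAI "sk-..."
# format and the prompt keywords are illustrative assumptions.
import sys
import yara

RULES = yara.compile(source=r'''
rule openai_api_key_candidate
{
    strings:
        // Legacy OpenAI secret keys: "sk-" followed by a long alphanumeric run (approximate)
        $key = /sk-[A-Za-z0-9]{40,64}/ ascii wide
    condition:
        $key
}

rule embedded_prompt_candidate
{
    strings:
        // Prompt-style instructions often sit alongside a hardcoded key
        $p1 = "You are a" ascii wide nocase
        $p2 = "reverse shell" ascii wide nocase
        $p3 = "ransomware" ascii wide nocase
    condition:
        any of them
}
''')

def scan(path: str) -> None:
    """Print the names of any rules that match the given file."""
    matches = RULES.match(path)
    if matches:
        print(f"{path}: {', '.join(m.rule for m in matches)}")

if __name__ == "__main__":
    for target in sys.argv[1:]:
        scan(target)
```

Any hits would still need triage: as the researchers note, most files embedding provider keys turn out to be accidental leaks rather than malware.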
MalTerminal (a Python script compiled into MalTerminal.exe) calls OpenAI GPT-4 to generate ransomware or a reverse shell on demand; it embeds a deprecated chat API, which points to an early development date. Researchers also found Python loaders (testAPI.py, TestMal2.py) that offer operator menus, plus brittle “FalconShield” scanners (TestMal3.py/Defe.py) that ask GPT to label code as malicious.
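The FalconShield scripts themselves are not reproduced here; the sketch below only illustrates the pattern the researchers describe: reading a target source file and asking a GPT model for a malicious/benign verdict. The model name, prompt wording, and openai client usage are assumptions, and the brittleness the researchers call out comes from treating free-text model output as a reliable verdict.

```python
# Minimal sketch of the "LLM as malware scanner" pattern attributed to the
# FalconShield-style scripts: feed a target file's source to a GPT model and
# ask for a malicious/benign label. Model, prompt, and client usage are
# illustrative assumptions; the reply should not be treated as ground truth.
import sys
from openai import OpenAI

client = OpenAI()  # reads OPENAI_API_KEY from the environment

def classify_file(path: str) -> str:
    with open(path, "r", errors="replace") as handle:
        source = handle.read()

    response = client.chat.completions.create(
        model="gpt-4o-mini",  # assumed model, not the one in the original samples
        messages=[
            {"role": "system",
             "content": "You are a code analyst. Answer MALICIOUS or BENIGN, then one sentence of reasoning."},
            {"role": "user", "content": source[:8000]},  # crude truncation to stay within context
        ],
    )
    return response.choices[0].message.content

if __name__ == "__main__":
    for target in sys.argv[1:]:
        print(f"--- {target} ---")
        print(classify_file(target))
```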