Cybersecurity researchers have uncovered MalTerminal, the world’s first GPT-4 powered malware, marking a dangerous turning point in the evolution of AI-driven cybercrime. The discovery, presented by SentinelOne’s SentinelLABS at LABScon 2025, highlights how cybercriminals are embedding large language models (LLMs) into malicious software to dynamically generate payloads like ransomware and reverse shells.
MalTerminal: First AI-Enhanced Malware Sample
The malware, embedded in a Windows executable, included a now-deprecated OpenAI API endpoint from November 2023, suggesting it was created earlier. It allows attackers to select between “ransomware” or “reverse shell” attack modes, supported by modular Python scripts. While no live attack has been confirmed, experts fear it may evolve from a proof-of-concept into a powerful weaponized cyberattack tool.
SentinelOne researchers Alex Delamotte, Vitaly Kamluk, and Gabriel Bernadett-Shapiro warn that the use of AI in malware represents a qualitative leap in hacking tactics, making it possible for malicious code to adapt in real time, evade static defenses, and complicate incident response strategies.
AI-Powered Phishing Attacks Rising
Beyond malware, adversaries are now exploiting AI models in phishing campaigns. Security firm StrongestLayer revealed that attackers use hidden prompt injections in emails to bypass AI-powered spam filters. One campaign disguised as a billing alert leveraged the Follina vulnerability (CVE-2022-30190) to drop malicious PowerShell scripts and disable Microsoft Defender.
Meanwhile, Trend Micro reported that hackers are abusing AI-driven site builders like Netlify, Vercel, and Lovable to host phishing sites. These fake CAPTCHA landing pages redirect unsuspecting users to credential-stealing websites while evading automated scanners.
Implications for Businesses & Cybersecurity
The emergence of LLM-powered malware and AI-enhanced phishing signals a new era of cybercrime. Cybersecurity experts stress the urgent need for:
- AI security audits and defense stress-testing.
- Advanced AI-driven threat detection systems capable of adapting quickly.
- Awareness of prompt injection, LLM poisoning, and phishing site abuse.
As experts warn: “AI is now both a shield and a sword in cybersecurity. The organizations that master defensive AI first will define the digital battlefield.”
