#21: How Cybercriminals Are Using AI Tools to Create Malware
Making an assessment, making a playbook
Is this your brand on Milled? Claim it.
#21: How Cybercriminals Are Using AI Tools to Create MalwareMaking an assessment, making a playbook
Welcome to Packt Cyber_AI
Don’t recognize this sender? Unsubscribe with one click
Austin Miller recently imported your email address from another platform to Substack. You'll now receive their posts via email or the Substack app. To set up your profile and discover more on Substack, click here.
The emergence of generative AI has transformed many aspects of software development, automation, and digital communication. Unfortunately, the same capabilities that make AI valuable for legitimate users can also be exploited by cybercriminals. Over the last several years, security researchers have observed a growing trend in which threat actors use AI systems to generate malicious code, improve existing malware, automate cyberattack workflows, and lower the technical barriers associated with cybercrime. What was once a task requiring substantial programming expertise can now be partially automated through LLMs and other AI-driven tools. For cybersecurity professionals, understanding the relationship between AI and malware development is increasingly important. AI is not replacing malware developers, but it is changing how malware is created, customised, and deployed. The result is a threat landscape in which attacks can be produced more quickly, adapted more effectively, and executed by a wider range of adversaries than ever before. Most security professionals understand that OT threats are real. Far fewer have had the chance to open an OT malware sample, examine how it works, and understand what it means for critical infrastructure defense. Join Filipi Pires on 3rd July, 2026 for a free one-hour virtual session that introduces attendees to the world of OT malware through one of the most significant industrial cyberattacks ever observed: Industroyer. And, even better, it’s entirely free. How AI Is Abused to Create MalwareGenerative AI systems are fundamentally code-generation tools. They can write software, explain programming concepts, debug scripts, and modify existing code. While legitimate AI platforms typically include safeguards that prevent users from requesting malicious software, cybercriminals have developed methods to bypass these restrictions or have created their own uncensored AI models specifically designed for offensive cyber operations. One of the most significant ways AI is abused is through malware generation. A threat actor can provide a model with a description of desired functionality and receive working code that performs some or all of the requested actions. For example, a criminal might ask an AI system to create a program that harvests credentials, establishes persistence, encrypts files, or communicates with a command-and-control server. Even if the resulting code requires modification, AI dramatically reduces the amount of manual effort required. AI is also increasingly used to modify existing malware. Cybercriminals often reuse successful malware families, adapting them to evade detection by antivirus and endpoint security products. Traditionally, this required experienced malware developers who understood obfuscation techniques and defensive technologies. AI can now assist by rewriting code, changing function names, restructuring logic, or generating new variants that differ sufficiently from previous samples to avoid signature-based detection. This capability enables threat actors to produce large numbers of malware variants quickly and cheaply. Another important use of AI is in malware obfuscation. Security products frequently identify malware by analysing patterns within code. AI can help attackers transform malware into forms that appear different while maintaining the same functionality. The result is malware that is harder for security tools to recognise. Researchers have demonstrated that LLMs are capable of understanding and manipulating complex code structures, making them potentially useful for creating more sophisticated obfuscation techniques. AI also assists in vulnerability research and exploit development. Malware often depends on exploiting weaknesses in software. Generative AI can help attackers analyze source code, identify programming mistakes, explain security flaws, and generate proof-of-concept exploit code. While AI-generated exploits are not always reliable, they can significantly accelerate the early stages of attack development. Beyond code generation, AI contributes to the broader malware lifecycle. Threat actors use AI to create convincing phishing emails, business email compromise messages, social engineering content, and fake websites. These tools help malware reach victims more effectively. Instead of sending generic spam messages, attackers can generate personalised communications that reflect an organisation’s industry, writing style, or current events. This increases the likelihood that victims will execute malicious attachments or click infected links. Researchers have noted that malicious AI tools are particularly attractive because they lower the barriers to creating persuasive phishing campaigns and malware-related content. The overall effect is a substantial reduction in the expertise required to participate in cybercrime. Activities that once required programming knowledge can now be partially automated through AI-assisted workflows. Security researchers have repeatedly identified this lowering of the entry barrier as one of the most important consequences of generative AI in the cyber threat landscape. Notable Examples of Cybercriminals Using AI to Create or Modify MalwareWormGPTOne of the earliest and most widely publicised examples of criminal AI is WormGPT. First identified in 2023, WormGPT was marketed on underground forums as an alternative to mainstream AI chatbots. Unlike commercial systems, it was specifically designed without ethical safeguards and was trained on datasets associated with malware development and cybercrime. WormGPT’s creators advertised it as a tool capable of generating malicious code, supporting phishing campaigns, and assisting with cyberattacks. Security researchers found that it could produce highly convincing phishing emails and business email compromise messages. While some claims about its capabilities were likely exaggerated, the platform demonstrated that there was a market for AI systems designed explicitly for criminal purposes. The significance of WormGPT lies less in its technical sophistication and more in what it represents: the commercialisation of offensive AI capabilities. It showed that cybercriminals were willing to develop and sell specialised AI services tailored to malicious users. FraudGPTFraudGPT emerged shortly after WormGPT and followed a similar business model. It was advertised on dark web forums and messaging platforms as a subscription-based AI assistant for cybercriminals. According to security researchers, its creators claimed it could generate malicious code, identify vulnerabilities, assist with phishing attacks, and even help create malware that could evade detection. FraudGPT reflects the growing professionalisation of cybercrime. Rather than developing malware manually, users could purchase access to an AI service that accelerated multiple stages of the attack process. Reports indicate that FraudGPT was marketed as a tool for creating malicious software, reconnaissance activities, and online fraud operations. Although some vendor claims may have been overstated, FraudGPT demonstrated how AI could be packaged as a cybercrime-as-a-service offering. This model allows individuals with limited technical expertise to engage in activities previously reserved for skilled attackers. BlackMambaBlackMamba represents a more technically advanced example of AI-assisted malware. Developed as a proof-of-concept by researchers, BlackMamba is a polymorphic keylogger that uses an AI model during execution to generate malicious functionality dynamically. Instead of containing all malicious code within the malware itself, BlackMamba retrieves and executes AI-generated code at runtime. This approach creates a significant challenge for traditional security tools. Static analysis techniques rely on examining malware before execution. If critical components are generated dynamically by an AI service, there may be little malicious code present for security tools to detect. Researchers demonstrated that this architecture could help malware evade some conventional detection mechanisms. Although BlackMamba was developed in a research context rather than by criminals, it illustrates techniques that threat actors could adopt in future malware campaigns. It highlights how AI can be integrated directly into malware operations rather than simply assisting with development. A Real-World Case of AI-Augmented MalwareA notable real-world example emerged in 2025 with the discovery of malware referred to as PromptLock. Security researchers reported that the malware used a GPT-based model to generate malicious Lua scripts that formed part of an information-stealing payload. Rather than relying entirely on pre-written malicious code, the malware leveraged AI-generated components during its operation. PromptLock is important because it has moved beyond theoretical discussions about AI-assisted malware. Earlier debates often focused on what attackers might do in the future. In contrast, PromptLock demonstrated that malware developers were already experimenting with AI-generated payloads in operational malware. The case illustrates several advantages that AI provides to attackers. First, AI-generated code can increase variability between infections, making detection more difficult. Second, portions of the malware can be generated dynamically rather than stored directly within the executable. Third, malware authors can adapt payloads more rapidly without manually rewriting large sections of code. While PromptLock did not fundamentally change the nature of malware, it provided evidence that AI-assisted malware development had entered practical use. The incident confirmed concerns that AI would become part of the malware ecosystem rather than remaining a purely theoretical risk. What Cybersecurity Professionals Should UnderstandCybersecurity professionals should avoid both complacency and alarmism when assessing AI-generated malware. AI has not suddenly enabled attackers to create unstoppable malware. Most successful cyberattacks still depend on well-established techniques such as phishing, credential theft, software vulnerabilities, and poor security practices. However, AI is accelerating and scaling these activities. The first key lesson is that AI lowers the barrier to entry. Less experienced threat actors can now generate code, create phishing content, and modify malware with assistance from AI systems. As a result, organisations may face a larger number of attackers capable of conducting moderately sophisticated operations. The second lesson is that malware development is becoming faster and more iterative. AI enables attackers to generate multiple versions of malware quickly, test different approaches, and adapt their tools in response to defensive measures. Security teams should expect greater variability among malware samples and shorter development cycles. Third, traditional signature-based detection methods will become less effective when facing AI-generated variants. If AI can rapidly rewrite malware while preserving functionality, defenders must increasingly rely on behavioural analysis, anomaly detection, threat hunting, and layered security controls rather than simple signature matching. Fourth, AI is likely to play a growing role in adaptive malware. Researchers have already demonstrated malware concepts that can dynamically generate code, alter behaviour, and adapt to changing environments. Future malware may use AI to make decisions about lateral movement, privilege escalation, target selection, and evasion techniques in real time. Finally, defenders should recognise that AI benefits both attackers and defenders. The same technologies that help criminals generate malware can also help security teams analyse threats, automate investigations, identify anomalies, and improve incident response. The cybersecurity profession is entering a period in which AI capabilities will increasingly shape both offensive and defensive operations. Is all hope lost?The misuse of AI for malware creation represents a significant evolution in the cyber threat landscape. Generative AI systems can assist attackers in creating malicious code, modifying existing malware, developing obfuscation techniques, identifying vulnerabilities, and automating many stages of cyberattacks. Tools such as WormGPT and FraudGPT demonstrate the emergence of criminal AI ecosystems, while research projects such as BlackMamba show how AI can be integrated directly into malware behaviour. The PromptLock case further demonstrates that AI-assisted malware is no longer theoretical but has already appeared in real-world malicious activity. For cybersecurity professionals, the most important takeaway is not that AI creates entirely new categories of threats, but that it makes existing threats easier to develop, scale, and adapt. Organisations should prepare for an environment in which malware evolves more rapidly, attackers require less technical expertise, and AI becomes a routine component of both cyberattacks and cyber defence. The challenge is therefore not merely understanding malware, but understanding how AI is changing the economics and accessibility of cybercrime itself. Further reading
Packt Cyber_AI is free today. But if you enjoyed this post, you can tell Packt Cyber_AI that their writing is valuable by pledging a future subscription. You won't be charged unless they enable payments. |



