
First-ever AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Ransomware Code


AI-powered malware dubbed ‘MalTerminal’ calls OpenAI’s GPT-4 model at runtime to generate its malicious code, including ransomware and reverse shells, instead of carrying that code in the binary. It marks a notable shift in how threats are developed and deployed.

The finding follows the recent analysis of PromptLock, another LLM-driven sample, and points to a clear trend toward adversaries weaponizing large language models (LLMs).

MalTerminal was described in the “LLM-Enabled Malware In the Wild” research presented by SentinelLABS at the LABScon 2025 security conference.

The findings show adversaries beginning to integrate LLMs directly into their payloads, which undermines detection methods that rely on the malicious logic being present in the file on disk.

PromptLock: An Academic Proof-of-Concept

In August 2025, security firm ESET discovered PromptLock and initially declared it the first known AI-powered ransomware. It was later revealed to be a proof-of-concept created by researchers at New York University to demonstrate the potential dangers of such threats.

Unlike MalTerminal, which relies on a vendor’s cloud-hosted API, PromptLock is written in Go and talks to an open-weight model through the Ollama API, which ESET reported as running locally rather than in the vendor’s cloud.

From predefined prompts, PromptLock generates malicious Lua scripts at runtime, which lets a single sample target Windows, Linux, and macOS.


The prompts direct the model to identify the type of infected system, such as a personal computer, server, or industrial controller, and then decide on its own whether to exfiltrate or encrypt data, using the SPECK 128-bit block cipher for encryption.

MalTerminal Uncovered

While PromptLock was a research project, SentinelLABS researchers found LLM-enabled malware in the wild. Rather than searching for known malicious code, they hunted for the artifacts that LLM integration cannot avoid leaving behind: the credential used to reach the model and the prompt that steers it.

The team wrote YARA rules to scan for hardcoded API keys and common prompt structures embedded within binaries. This API key hunting methodology surfaced a cluster of suspicious Python scripts and a compiled Windows executable named MalTerminal.exe.
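The hunting approach described above, implemented in Python as an added example (this is not SentinelLABS’ YARA rule set): scan a blob for a hardcoded LLM API key next to chat-prompt scaffolding, and flag the combination. The key pattern (an `sk-` prefix followed by a long alphanumeric tail), the prompt markers, and the sample binaries are this example’s own assumptions and constructed inputs; the dummy key is not a real credential.

```python
"""
Added example: hunt for LLM-integration artifacts (API keys + prompt
scaffolding) in scripts or compiled binaries, the static angle the article
describes for finding MalTerminal. Patterns below are illustrative assumptions.
"""
import re
from dataclasses import dataclass, field

# Assumption: OpenAI-style secrets begin with "sk-"; the length floor and the
# character class are a hunting approximation, not a published format.
KEY_RE = re.compile(rb"sk-[A-Za-z0-9_-]{20,}")

# Strings that tend to surround a chat-completion request embedded in code.
# The marker names are labels chosen for this example.
PROMPT_MARKERS = {
    "chat_role":    re.compile(rb'"role"\s*:\s*"(?:system|user|assistant)"', re.I),
    "chat_content": re.compile(rb'"content"\s*:', re.I),
    "persona":      re.compile(rb"\bYou are (?:an?|the) ", re.I),
    "endpoint":     re.compile(rb"api\.openai\.com/v1/(?:chat/)?completions", re.I),
    "model_name":   re.compile(rb'"model"\s*:\s*"gpt-', re.I),
}


@dataclass
class Finding:
    keys: list = field(default_factory=list)      # redacted key strings
    markers: list = field(default_factory=list)   # prompt marker names hit

    @property
    def suspicious(self) -> bool:
        # A secret alone deserves a look; a secret beside prompt scaffolding
        # is the generator pattern the article describes for MalTerminal.
        return bool(self.keys) and len(self.markers) >= 2


def redact(key: bytes) -> str:
    """Keep enough of the key to triage on, never the whole secret."""
    s = key.decode("ascii", "replace")
    return s[:6] + "..." + s[-4:]


def dewiden(data: bytes) -> bytes:
    """Collapse UTF-16LE ASCII ("A\\x00B\\x00") to "AB" so the same patterns
    match strings stored wide in PE resources or .NET assemblies."""
    return re.sub(rb"(?<=[\x20-\x7e])\x00(?=[\x20-\x7e])", b"", data)


def scan_blob(data: bytes) -> Finding:
    finding, seen_keys = Finding(), set()
    for view in (data, dewiden(data)):          # raw bytes and wide-decoded bytes
        for m in KEY_RE.finditer(view):
            if m.group(0) not in seen_keys:
                seen_keys.add(m.group(0))
                finding.keys.append(redact(m.group(0)))
        for name, rx in PROMPT_MARKERS.items():
            if name not in finding.markers and rx.search(view):
                finding.markers.append(name)
    return finding


def scan_file(path: str) -> Finding:
    with open(path, "rb") as fh:
        return scan_blob(fh.read())


# Constructed samples (not real malware). The key is a dummy string.
DUMMY_KEY = b"sk-" + b"Xy9" * 16
SAMPLE_LLM_TOOL = (
    b"MZ\x90\x00" + b"\x00" * 16 +                     # fake PE header padding
    b'openai.api_key = "' + DUMMY_KEY + b'"\n'
    b'{"model": "gpt-4", "messages": [{"role": "system", '
    b'"content": "You are a helpful assistant."}]}\n'
    b"https://api.openai.com/v1/chat/completions\n"
)
SAMPLE_BENIGN = (
    b"MZ\x90\x00" + b"\x00" * 16 +
    b'{"role": "admin", "content": "ok"}\n'             # JSON that merely resembles a chat turn
    b"Content-Type: application/json\n"
)
# The same tool with its strings stored as UTF-16LE, as a wide-string binary would.
SAMPLE_WIDE = SAMPLE_LLM_TOOL.decode("latin-1").encode("utf-16-le")

if __name__ == "__main__":
    for label, blob in [("llm_tool", SAMPLE_LLM_TOOL), ("benign", SAMPLE_BENIGN), ("wide", SAMPLE_WIDE)]:
        f = scan_blob(blob)
        print(f"{label:9} suspicious={f.suspicious} keys={f.keys} markers={f.markers}")
```

Scanning both the raw and the wide-decoded view matters in practice: a key or prompt stored as UTF-16 in a Windows binary is invisible to an ASCII-only pattern, and `re.I` keeps a lowercased `"Role"` from slipping past. Treat hits as triage leads; a legitimate internal tool with an embedded key will also match, which is exactly the kind of finding worth a second look.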

Analysis revealed the malware calls an OpenAI API endpoint that was deprecated in November 2023, which suggests it was written before that date and makes it the earliest known sample of its kind.

MalTerminal functions as a malware generator. On execution, it prompts its operator to choose between ‘Ransomware’ and a ‘Reverse Shell’, then sends a request to the GPT-4 API to produce the corresponding malicious Python code at runtime.

Because the malicious logic is never stored in the binary, signature-based and static tools that look for that logic find nothing to match; what the binary does carry is the prompt and the API key, which is why the researchers hunted for those instead.

The research also uncovered related scripts, including earlier versions (TestMal2.py) and a defensive tool named ‘FalconShield’, an apparent experimental malware scanner from the same author.

The emergence of malware like MalTerminal and PromptLock presents a new challenge for defenders: code that is different on every execution is harder to signature and harder to analyze from a single sample.

This class of malware also carries inherent weaknesses. Its dependence on external APIs or local model servers and on hardcoded prompts and credentials gives defenders new artifacts to hunt for and new chokepoints to monitor.

If the API key is revoked or the model is blocked, the malware stops working. LLM-enabled malware is still experimental, but these examples are a warning that threat actors are actively innovating, and defenders should adapt by watching for unexpected API usage from endpoints and for anomalous prompt activity.
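The monitoring side of that advice, as an added example (not code from the SentinelLABS or ESET research): triage endpoint network telemetry for processes that talk to a hosted LLM API or to an Ollama endpoint without being on an allowlist, and flag bursts of such calls. The JSONL event shape, the allowlist, the burst threshold and the sample events are this example’s assumptions and constructed data; the API hostnames and Ollama’s default port 11434 are real defaults.

```python
"""
Added example: flag LLM API usage from processes that should not be making it.
Event format, allowlist and threshold are assumptions for illustration.
"""
import json
from collections import Counter

# Hosted LLM API hostnames (real) and the default Ollama HTTP API port (real).
LLM_API_HOSTS = {
    "api.openai.com",
    "api.anthropic.com",
    "generativelanguage.googleapis.com",
}
OLLAMA_PORT = 11434

# Which processes may legitimately call these APIs is environment-specific;
# this allowlist is an assumption.
APPROVED_PROCESSES = {"chrome.exe", "msedge.exe", "code.exe"}
# A generator calling the model in a loop looks different from a person in a
# browser; after this many calls from one (host, process) we raise once. Assumed.
BURST_THRESHOLD = 3


def classify(ev: dict):
    """'hosted' for a hosted LLM API, 'ollama' for an Ollama endpoint, else None."""
    if ev["dest_host"].lower() in LLM_API_HOSTS:
        return "hosted"
    if ev["dest_port"] == OLLAMA_PORT:
        return "ollama"
    return None


def triage(events):
    """Return a list of alert dicts for events that warrant attention."""
    alerts, calls = [], Counter()
    for ev in events:
        kind = classify(ev)
        if kind is None:
            continue                                   # not LLM traffic
        key = (ev["host"], ev["process"].lower())
        calls[key] += 1
        base = {"host": key[0], "process": key[1], "api": kind,
                "dest": f'{ev["dest_host"]}:{ev["dest_port"]}', "ts": ev["ts"]}
        if key[1] not in APPROVED_PROCESSES:
            alerts.append({**base, "reason": "unapproved_process"})
        if calls[key] == BURST_THRESHOLD:              # fire once per burst
            alerts.append({**base, "reason": "burst"})
    return alerts


def triage_lines(jsonl: str):
    """Parse one JSON object per line (constructed EDR-style events) and triage."""
    return triage(json.loads(line) for line in jsonl.splitlines() if line.strip())


# Constructed sample telemetry; hosts, timestamps and the 10.0.0.5 server are made up.
SAMPLE_EVENTS = """\
{"ts": "2025-09-20T10:00:01Z", "host": "WS01", "process": "chrome.exe", "dest_host": "api.openai.com", "dest_port": 443}
{"ts": "2025-09-20T10:00:02Z", "host": "WS01", "process": "MalTerminal.exe", "dest_host": "api.openai.com", "dest_port": 443}
{"ts": "2025-09-20T10:00:03Z", "host": "WS01", "process": "MalTerminal.exe", "dest_host": "api.openai.com", "dest_port": 443}
{"ts": "2025-09-20T10:00:04Z", "host": "WS01", "process": "MalTerminal.exe", "dest_host": "api.openai.com", "dest_port": 443}
{"ts": "2025-09-20T10:00:05Z", "host": "WS02", "process": "python.exe", "dest_host": "pypi.org", "dest_port": 443}
{"ts": "2025-09-20T10:00:06Z", "host": "WS02", "process": "python.exe", "dest_host": "10.0.0.5", "dest_port": 11434}
{"ts": "2025-09-20T10:00:07Z", "host": "WS03", "process": "code.exe", "dest_host": "api.anthropic.com", "dest_port": 443}
"""

if __name__ == "__main__":
    for a in triage_lines(SAMPLE_EVENTS):
        print(a)
```

The two signals are deliberately independent: an unapproved process reaching a model endpoint is suspicious on its own, and a burst from any process, approved or not, is worth a look because a generator loop produces many calls in seconds. The Ollama check catches the PromptLock style of design, where the model is served from a host the attacker controls rather than from a vendor API, so a hostname allowlist alone would miss it.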

The post First-ever AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Ransomware Code appeared first on Cyber Security News.

Source: cybersecuritynews.com
