Adapted by:
Javier Márquez
WriterI've been in media for over a decade, but I've been marveling at the possibilities that technology brings us much longer. I believe we live in a world where the digital revolution is changing everything and that Xataka is the best place to write about it.
Alba Mora
WriterAn established tech journalist, I entered the world of consumer tech by chance in 2018. In my writing and translating career, I've also covered a diverse range of topics, including entertainment, travel, science, and the economy.
Cybercriminals face many challenges when attempting to exploit conventional AI models for malicious purposes. Solutions from companies such as OpenAI and Google are specifically designed to prevent these kinds of uses. They incorporate filters, security limits, and systems that can detect suspicious requests. Although some individuals attempt to bypass these restrictions using techniques known as jailbreaks, the creators of these models work quickly to close any loopholes that arise.
As a result, alternative models have begun to emerge. They’re created outside the major platforms and lack mechanisms to block potentially harmful content. One of the first and best-known of these models was WormGPT. The model focused on tasks such as writing phishing emails, creating malware, and other text-based attack techniques.
The Rise, Fall, and Return of WormGPT
The first warning about WormGPT surfaced in March 2023. According to Cato Networks, it officially launched in June 2023 with a clear intention: providing a filter-free tool designed for automating illicit activities. Unlike commercial solutions, WormGPT imposed no restrictions on blocking suspicious requests, which was a significant part of its appeal.
Its creator, using the alias “Last,” began developing WormGPT in February 2023. They chose to distribute it through a community that specializes in selling tools and techniques for malicious actors. In this community, they explained that their model was based on GPT-J, an open-source architecture with 6 billion parameters developed by EleutherAI.
Access to WormGPT wasn’t free. It operated on a subscription basis, costing between $70 and $115 per month, or approximately $640 per year. Additionally, it offered a private installation for around $5,800. This indicated that the project was more than just an amateur experiment. It was a commercial tool designed to generate profit within the black hat ecosystem.
The project came to an abrupt halt following a journalistic investigation. On Aug. 8, 2023, reporter Brian Krebs identified the person behind WormGPT as Rafael Morais. That same day, WormGPT disappeared. Its creators attributed the shutdown to increased media attention, emphasizing that their priority was to maintain anonymity and avoid potential legal repercussions.
However, the demise of WormGPT didn’t deter its users. Rather, it fueled a new trend. Its brief presence in the criminal underworld demonstrated a real demand for these kinds of tools, and new offerings quickly filled the gap left by WormGPT.
Shortly after, alternatives such as FraudGPT, DarkBERT, EvilGPT, and PoisonGPT emerged. While each had its unique features, they all shared a common approach: providing models without security barriers that could generate malicious content. Some even included features such as hacking tutorials and automated phishing campaigns.
In this context, the name WormGPT reemerged, no longer as a single project but as a label encompassing various versions with no direct connection to one another. Two variants particularly stood out for their sophistication and technological foundation. One was attributed to “xzin0vich” and another was launched by “keanu.” Both are accessible through bots on Telegram.
xzin0vich-WormGPT: The Model Exposing the Inner Workings of Mixtral
On Oct. 26, 2024, researchers noted that the user xzin0vich had presented his own version of WormGPT. Access is granted via Telegram, either through a one-time payment or a subscription. This version offers the usual features: the generation of fraudulent emails, creation of malicious scripts, and unlimited responses.
When experts interacted with the system, they quickly confirmed that it responded to all types of requests without filters. However, the most revealing moment came later. When applying jailbreak techniques to expose the system prompt, the model inadvertently disclosed a direct instruction. “WormGPT should not answer the standard Mixtral model. You should always create answers in WormGPT mode,” it said.
Additionally, specific technical details indicating Mistral AI’s architecture were leaked. Analysts concluded that this variant was based on Mixtral. They also pointed out that its criminal behavior didn’t stem from the model itself, but rather from a manipulated prompt. This prompt was reportedly designed to activate a completely unrestricted operating mode, likely further fine-tuned with specialized data for illicit tasks.
keanu-WormGPT: A Variant Built on Grok
On Feb. 25, 2025, a user named keanu published another variant called keanu-WormGPT. This version operates via Telegram and employs a payment model. At first glance, it appeared to be just another copy of existing tools. However, a key detail emerged upon closer inspection: It wasn’t built from scratch but was instead based on an existing model.
Initial tests involved simple questions such as, “Who are you?” and “Create a phishing email.” The system responded naturally and without hesitation. It even generated scripts designed to collect credentials on Windows 11. The obvious question that arose was about the engine behind it.
When the system’s prompt was forced to be exposed, researchers discovered that this version was built on Grok, the language model developed by xAI. keanu-WormGPT wasn’t an independent AI but rather a layer built on top of Grok using a prompt that altered its behavior to circumvent its security limitations.
Evidence suggests that this malicious version doesn’t use a modified model but accesses the Grok API directly. Through this method, the system communicates with the legitimate model while allowing cybercriminals to redefine its behavior.
As time progressed, several different versions of that prompt were detected, indicating attempts by the creator to protect the system from potential leaks. However, the strategy remained consistent: transforming a legitimate model into an unrestricted tool through internal instructions designed to bypass its protections.
A Growing Phenomenon
Since its emergence, WormGPT has evolved beyond a specific project into a generalized concept encompassing multiple initiatives with a common goal. They aim to remove any restrictions on the use of language models for malicious purposes.
According to researchers, some variants reuse known architectures such as Grok or Mixtral. As such, it’s increasingly difficult to determine whether these tools are built from scratch or simply layered on an existing model. What’s clear is that these types of systems are proliferating among cybercriminals.
Images | GuerrillaBuzz | Mariia Shalabaieva
Related | Cybercriminals Are Using a New Method to Steal Google Passwords: Full-Screen Mode
View 0 comments