Citizen Lab and Google uncovered a new, sophisticated cyberattack linked to Russian state actors that exploits App-Specific Passwords, bypassing Multi-Factor Authentication. Discover how to protect yourself from these evolving threats.

A new and highly sophisticated cyberattack, believed to be from a Russian state-linked group, has been revealed. This innovative method tricks people into creating and handing over App-Specific Passwords (ASPs), bypassing common security measures like Multi-Factor Authentication (MFA).

This sophisticated attack was jointly disclosed by the Citizen Lab (a research group at the University of Toronto) and Google’s Threat Intelligence Group (GTIG). Their investigation began after Keir Giles, a well-known expert on Russian information operations and a senior associate at Chatham House, contacted Citizen Lab for help after being targeted.

****A Malicious New Approach****

This new attack was different from typical phishing. It was slow and very convincing. It started on May 22, 2025, when Mr. Giles got an email from someone named Claudie S. Weber pretending to be a US State Department official. The email looked real, even with other official addresses in the “CC” line. The attackers took their time, sending over ten emails in several weeks to build trust. Experts think they might have used advanced tools to make their messages sound very natural.

Source: Citizen Lab

The main trick was to get Mr. Giles to sign up for a fake MS DoS Guest Tenant platform. They sent him a professional-looking PDF with instructions. This PDF guided him to create an App-Specific Password (ASP)for his Google account.

The Benign PDF (Source: GTIG)

For your information, an ASP is a special 16-digit code for older apps that don’t work with modern security. The hackers made it seem like this ASP would let him into a secure government system, but it actually gave them full control of his accounts.

****Russian Link and Future Warnings****

GTIG has identified the group behind these attacks as UNC6293. They believe, with some certainty, that UNC6293 is connected to APT29 (aka Cozy Bear), a cyber espionage group linked to Russia’s Foreign Intelligence Service (SVR). Google later detected the attack on Mr. Giles’s accounts, took steps to secure them, and disabled the attacker’s email address.

This incident highlights a growing concern: as standard security like MFA becomes more common, attackers are finding new ways to bypass it. Experts expect more social engineering attacks that target App-Specific Passwords.

Cybersecurity teams are now advised to be wary of how ASPS are used in their organizations and to educate users about these new risks. Google is already working to phase out ASPs for business users in Google Workspaces but still balances security with user needs for personal Gmail accounts.

Hackers Use Social Engineering to Target Expert on Russian Operations

Researchers have uncovered 30 exposed data sets containing over 16 billion login credentials which were likely harvested by infostealers.

When organizations, good or bad, start hoarding collections of login credentials the numbers quickly add up. Take the 184 million logins for social media accounts we reported about recently. Now try to imagine 16 billion!

Researchers at Cybernews have discovered 30 exposed datasets containing from several millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.

The likely source: information stealers, or infostealers for short. Infostealers are malicious software designed specifically to gather sensitive information from infected devices. These malware variants silently extract credentials stored in browsers, email clients, messaging apps, and even crypto wallets, and send the data to cybercriminals.

And for those who are about to shrug it of as “probably old data,” it’s not. According to the researchers these aren’t just old breaches being recycled. This is fresh, weaponizable intelligence at scale.

Once again, an unfortunate demonstration on how effective and widespread infostealers are.

The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data.

But that doesn’t take away from the fact that these credentials are in the hands of cybercriminals who can use them for:

*   **Account takeovers**: Cybercriminals can use stolen credentials to hijack social media, banking, or corporate accounts.
*   **Identity theft**: Personal details enable fraud, loan applications, or impersonation.
*   **Targeted phishing**: Combining leaked data allows cybercriminals to engage in very convincing and personalized scams.
*   **Ransomware/business email compromise (BEC) attacks**: Compromised business credentials facilitate network intrusions or fraudulent wire transfers.

The leak includes credentials for virtually every large online service. Apple, Google, Facebook, Telegram, developer platforms, VPNs, and more.

And the number is so massive it exceeds our imagination. If you printed each credential (16 billion usernames + passwords) on a single line, using standard paper, and stacked the pages, the pile would reach far beyond the edge of the stratosphere (roughly 35 miles).

**How to protect against infostealers**

There are a few things you can do to limit the dangers of infostealers:

*   **Use an up-to-date and active anti-malware solution** that can detect and remove infostealers.
*   **Do not reuse passwords across different sites and services.** A password manager can be very helpful to create safe passwords and remember them for you.
*   **Enable two-factor authentication (2FA) for every account you can.** 2FA makes it much more difficult for an attacker to access your account with your login credentials. If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of 2FA can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Data stolen by infostealers is often sold or posted online. If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll give you a free report.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online 

Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims' emails.
Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the Citizen Lab, stating the activity

Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

OpenAI intends to help streamline the Defense Department's administrative processes using artificial intelligence.

OpenAI Awarded $200M Contract to Work With DoD

In this edition, Thor shares how a week off with a new car turned into a crash course in modern vehicle tech. Surprisingly, it offers many parallels to cybersecurity usability.

Wednesday, June 18, 2025 14:00

Welcome to this week’s edition of the Threat Source newsletter. 

June 9 was Whit Monday — a bank holiday here in Germany — so I decided to take the whole week off. It turned out to be the perfect opportunity to try out a brand new car. Little did I know, I was about to get a crash course in modern vehicle technology (and a few unexpected life lessons).

There’s an EU regulation that requires new cars to come equipped with “Advanced Vehicle Systems,” which include features like driver drowsiness and attention warnings, lane-keeping systems and intelligent speed assistance. I hadn’t swapped cars in over a decade, so I was blissfully unaware of just how intrusive these systems could be. 

While I generally appreciate technology that makes our life safer, these features gave me a tough time. The car seemed to beep at me constantly, so much so that the beeping itself became a distraction. Instead of focusing on the road, I found myself trying to decipher what each alert meant. After a few kilometers, I had to pull over and consult the manual just to figure out how to disable these “helpful” assistants. 

Problem solved? Not quite. Every time I turned off and restarted the car, the systems re-enabled themselves. Disabling the lane-keeping assistant was just a button press, but turning off the “intelligent” speed assistant required a convoluted sequence: six menu clicks, a long press then a short click. I had to dig out the manual every time. 

You might think I’m just cutting corners, or that I should pay better attention to speed limits. But here’s the thing: Technology fails, and these systems are no exception. Sometimes the cameras miss speed signs, or worse, pick up the wrong ones. I’ve read about people putting stickers on their windshields to block the camera, only to discover the system then falls back to GPS data, which can be outdated or just plain wrong. On one occasion, it thought a car was on a 50 km/h road when the person was actually on the Autobahn directly next and parallel to the road, which famously has no speed limit. 

Some drivers try to muffle the alerts by gluing the speaker, but in modern cars, the system also lowers the radio volume to make sure you hear the alarm. Pulling the fuse would disable the emergency brake, too — not something I’m willing to risk, regardless of how insurance would feel about it.

I ended up learning two important lessons that week. The first was technical: I dove into the world of Controller Area Network (CAN) bus wiring, protocols, network gateways and tools like SavvyCAN to understand how these systems work... and maybe how to disable a few, purely for educational purposes. 

The second lesson hit me later, and it was more personal. In my job, I often preach about deploying multi-factor authentication (MFA) everywhere. My focus has always been on keeping out the bad guys, not on the user experience. I never understood why anyone would use apps to automatically accept authentication pushes — it seemed crazy to me. But after a a few days with the car, I finally saw things from the user’s perspective. Security tools can’t just be effective; they also have to be easy to use. Reducing friction, like using single sign-on or minimizing unnecessary clicks, matters just as much. Users also need to understand why these barriers are in place. 

Tomorrow is another holiday. Maybe I’ll spend it exploring Kali Linux 2025.2 and the latest CARsenal tools (formerly CAN Arsenal). Who knows? I might just tap a wire or two — for educational purposes only, of course.

**The one big thing **

Cisco Talos has discovered that the North Korean-aligned threat actor Famous Chollima has been actively targeting cryptocurrency and blockchain professionals (primarily in India) through sophisticated phishing campaigns. Previously known for using the GolangGhost trojan, they've now introduced a Python-based variant called PylangGhost, which retains the same capabilities. Recent campaigns have targeted Windows users with the Python version, while MacOS users are still being hit with the Golang-based variant.

**Why do I care? **

Even if you're not in the cryptocurrency or blockchain space, this campaign highlights how threat actors are constantly evolving their tools. It's a reminder that no matter how niche or localized an attack might seem, the techniques could easily be adapted to broader campaigns. Plus, if attackers succeed in these targeted efforts, stolen credentials could ripple across networks and platforms globally.

**So now what?**

Take this as your cue to double-check your defenses. Ensure your organization's security tools can detect Python and Golang-based malware, and educate your teams on recognizing phishing attempts, especially fake job offers. Stay proactive by monitoring emerging threats like PylangGhost, because even if you're not the target today, tomorrow isn’t a guarantee.

**Top security headlines of the week **

**AI Scraping Bots Are Breaking Open Libraries, Archives, and Museums**  
AI bots that scrape the internet for training data are hammering the servers of libraries, archives, museums and galleries, and are in some cases knocking their collections offline. (404 Media)

**Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web**  
Hackers leaked the personal data of 7.4 million people in Paraguay on the dark web. A cybercriminal group called "Cyber PMC" demanded $7.4 million, blaming government corruption and poor security. (Security Affairs)

**Trend Micro fixes critical vulnerabilities in multiple products**  
Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities. (Bleeping Computer)

**Can’t get enough Talos? **

**When legitimate tools go rogue**  
From LOLBins to open-source utilities like DonPAPI, threat actors are leveraging legitimate tools to evade detection and carry out attacks. Read the blog here.

**Microsoft Patch Tuesday for June 2025**   
Microsoft released its monthly security update last week, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” Read the blog here.

**Upcoming events where you can find Talos **

*   REcon (June 27 – 29) Montreal, Canada 
*   NIRMA (July 28 – 30) St. Augustine, FL 
*   Black Hat USA (Aug. 2 – 7) Las Vegas, NV

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507**  
MD5: 2915b3f8b703eb744fc54c81f4a9c67f  
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
Typical Filename: VID001.exe  
Claimed Product: N/A  
Detection Name: Win.Worm.Coinminer::1201

**SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91**  
MD5: 7bdbd180c081fa63ca94f9c22c457376  
VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details    
Typical Filename: IMG001.exe  
Claimed Product: N/A  
Detection Name: Simple\_Custom\_Detection

A week with a "smart" car

Miami, Florida, 18th June 2025, CyberNewsWire

**Miami, Florida, June 18th, 2025, CyberNewsWire**

**Halo Security’s Attack Surface Management Platform Honored for Exceptional Innovation and Successful Deployment Through The Channel**

Halo Security today announced that its attack surface management solution has been named a 2025 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities in technology and business through live events and digital marketing platforms. 

The MSP Today Product of the Year Award honors standout products and services that are reshaping the managed services landscape—delivered through the Channel and purpose-built to meet the evolving needs of end users. The Halo Security platform was selected for its innovation, performance, and its measurable impact on customers and partners alike.

The Halo Security Attack Surface Management Platform enables organizations and managed service providers (MSPs) to discover, monitor, and secure their internet-facing assets. The platform combines attacker-like discovery methods with ongoing security monitoring, vulnerability scanning, and expert-led penetration testing services to help organizations of all sizes identify and remediate security risks before they can be exploited.

Designed with the Channel in mind, the platform offers easy-to-use client management and reporting, along with seamless integrations into tools like Slack, Jira, and major cloud providers. The platform empowers MSPs to deliver scalable, high-impact security services with minimal setup and configuration. With built-in PCI compliance reporting, dark web monitoring, and dynamic application security testing (DAST), Halo Security gives partners and clients alike the visibility needed to stay ahead of evolving threats and meet their compliance goals.

> “Our mission has always been to give organizations and our channel partners deep visibility into their digital presence,” said Lisa Dowling, CEO of Halo Security. “This award is a testament to the innovation behind our platform, the dedication of our team, and the success our MSP partners are driving for their clients every day.”

> “It gives me great pleasure to recognize Halo Security as a 2025 recipient of TMC’s MSP Today Product of the Year Award for their innovative attack surface management solution,” said Rich Tehrani, CEO of TMC. “Our judges were thoroughly impressed not only by the strength and features of the product, but by Halo Security’s commitment to the Channel—empowering partners to deliver exceptional service and drive meaningful results for their clients.” 

Winners of the 2025 MSP Today Product of the Year Award will be featured on MSP Today, the definitive resource for managed service providers, as well as across TMCnet’s media platforms.

**About Halo Security**

Halo Security is a comprehensive external attack surface management platform that provides asset discovery, risk assessment, and penetration testing in a single, easy-to-use dashboard. Founded by cybersecurity experts with backgrounds at McAfee, Intel, Kenna Security, OneLogin, and WhiteHat Security, Halo Security delivers a unique attacker-based approach to help organizations safeguard against potential threats. Users can learn more at halosecurity.com.

**About MSP Today**

MSP Today is the premier online destination for MSPs (Managed Service Providers) and IT service providers worldwide. As the industry’s leading web portal, we are committed to delivering timely and relevant news, cutting-edge product information, and invaluable insights to empower MSPs and IT professionals to thrive in today’s rapidly evolving technology landscape. Whether you’re seeking in-depth articles on emerging technologies, comprehensive product reviews, or actionable tips to optimize your IT services, MSP Today is your go-to resource for all things MSP-related. Users can learn more at www.msptoday.com.

**About TMC**

For more than 20 years, TMC has been honoring technology companies with awards in various categories. These awards are regarded as some of the most prestigious and respected awards in the communications and technology sector worldwide. Winners represent prominent players in the market who consistently demonstrate the advancement of technologies. Each recipient is a verifiable leader in the marketplace. TMC also provides global buyers with valuable insights to make informed tech decisions through our editorial platforms, live events, webinars, and online advertising. Users can learn more at www.tmcnet.com.

**Contacts**

**Director of Partnerships**  
**Lauren Ladra**  
**Halo Security**  
**\[email protected\]**  
**415-799-4568**  
**Manager, TMC Awards**  
**Stephanie Thompson**  
**TMC**  
**\[email protected\]**  
**203-852-6800**

Halo Security Honored with 2025 MSP Today Product of the Year Award

After an attack on Iran’s Sepah bank, the hyper-aggressive Israel-linked hacker group has now destroyed more than $90 million held at Iranian crypto exchange Nobitex.

The Israel-linked hacker group known as Predatory Sparrow has carried out some of the most disruptive and destructive cyberattacks in history, twice disabling thousands of gas station payment systems across Iran and once even setting a steel mill in the country on fire. Now, in the midst of a new war unfolding between the two countries, they appear to be bent on burning Iran's financial system.

Predatory Sparrow, which often goes by its Farsi name, Gonjeshke Darande, in an effort to appear as a homegrown hacktivist organization, announced in a post on on its X account Wednesday that it had targeted the Iranian crypto exchange Nobitex, accusing the exchange of enabling sanctions violations and terrorist financing on behalf of the Iranian regime. According to cryptocurrency tracing firm Elliptic, the hackers destroyed more than $90 million in Nobitex holdings, a rare instance of hackers burning crypto assets rather than stealing them.

“These cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions,” the hackers posted to X. “Associating with regime terror financing and sanction violation infrastructure puts your assets at risk.”

The incident follows another Predatory Sparrow attack on Iran's finance system on Wednesday, in which the same group targeted Iran's Sepah bank, claiming to have destroyed “all” the bank's data in retaliation for its associations with Iran's Islamic Revolutionary Guard Corps, and posting documents that appeared to show agreements between the bank and the Iranian military. “Caution: Associating with the regime's instruments for evading sanctions and financing its ballistic missiles and nuclear program is bad for your long-term financial health,” the hackers wrote. “Who's next?”

Sepah Bank's website was offline yesterday but appeared to be working again today. The bank didn't respond to WIRED's request for comment. Nobitex's website was offline today and the company couldn't be reached for comment.

As is often in the case in the fog of an unfolding war and its accompanying cyberattacks, what effects Predatory Sparrow's cyberattacks have had remain unclear. But Hamid Kashfi, an Iranian cybersecurity researcher living in Sweden and the founder of the cybersecurity firm DarkCell, says he has heard from contacts in Iran that Sepah's online banking and ATMs have been offline since the attacks began, causing widespread disruption to civilians' ability to access their funds. “There has been a lot of collateral damage,” Kashfi says. “It just seems to be straight up causing damage and chaos. I can't think of what other logic would be behind it. Yes, they provide services to the military. But they do for millions of regular joes and civilians as well.”

In the Nobitex attack, blockchain analysis reveals some of the details of Predatory Sparrow's sabotage: According to Elliptic, the eight-figure sum stolen from the exchange was moved to a series of crypto addresses that all started with variations on the phrase “FuckIRGCterrorists.” Those so-called “vanity” addresses typically can't be created in any way that offers control or recovery of funds held there, so Elliptic concludes that moving funds to those addresses was instead a pointed method of destroying the money. “The hackers clearly have political rather than financial motivations,” says Tom Robinson, Elliptic's cofounder. “The crypto they stole has effectively been burned.”

Elliptic also confirmed in its blog post about the attack that crypto tracing shows Nobitex does in fact have links with sanctioned IRGC operatives, Hamas, Yemen's Houthi rebels, and the Palestinian Islamic Jihad group. “It's also an act of sabotage, by attacking a financial institution that was pivotal in Iran's use of cryptocurrency to evade sanctions,” Robinson says.

Predatory Sparrow has long been one of the most aggressive cyberwarfare-focused groups in the world. The hackers, who are widely believed to have links to Israel's military or intelligence agencies, have for years targeted Iran with an intermittent barrage of carefully planned attacks on the country's critical infrastructure. The group has targeted Iran's railways with data-destroying attacks and twice disabled payment systems at thousands of Iranian gas stations, triggering nationwide fuel shortages. In 2022, it carried out perhaps the most physically destructive cyberattack in history, hijacking industrial control systems at the Khouzestan steel mill to cause a massive vat of molten steel to spill onto the floor, setting the plant on fire and nearly burning staff there alive, as shown in the group's own video of the attack posted to its YouTube account.

Exactly why Predatory Sparrow has now turned its attention to Iran's financial sector—whether because it sees those financial institutions as the most consequential or merely because its banks and crypto exchanges were vulnerable enough to offer a target of opportunity—remains unclear for now, says John Hultquist, chief analyst on Google's threat intelligence group and a longtime tracker of Predatory Sparrow's attacks. Almost any conflict, he notes, now includes cyberattacks from hacktivists or state-sponsored hackers. But the entry of Predatory Sparrow in particular into this war suggests there may yet be more to come, with serious consequences.

“This actor is very serious and very capable, and that's what separates them from many of the operations that we'll probably see in the coming weeks or months,” Hultquist says. “A lot of actors are going to make threats. This is one that can follow through on those threats.”

_Updated June 18, 2025, at 10:52 am EDT: Added additional context and comments from cybersecurity researcher Hamid Kashfi._

Israel-Tied Predatory Sparrow Hackers Are Waging Cyberwar on Iran’s Financial System

Several Instagram ads have been found impersonating banks, including the usage of deepfake videos to defraud consumers.

Ads on Instagram—including deepfake videos—are impersonating trusted financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) in order to scam people, according to BleepingComputer.

There are some variations in how the scammers approach this. Some use Artificial Intelligence (AI) to create deepfake videos aimed at gathering personal information, while others link to typosquatted domains that not just look the same but also have very similar domain names as the impersonated bank.

BleepingComputer shows an example of an advertisement, which claims to be from “Eq Marketing” and closely mimics EQ Bank’s branding and color scheme, while promising a rather optimistic interest yield of “4.5%”.

_Image courtesy of BleepingComputer_

In this example, using the “Yes, continue with my account” button presents the user with a fraudulent “EQ Bank” login screen, prompting the visitor to provide their banking credentials. From there, it’s likely the scammers will empty the bank account and move on to their next victim.

Another fraudulent ad impersonates BMO bank’s Chief Investment Strategist and leader of the Investment Strategy Group Brian Belski. This may lead people to believe they are getting valuable financial advice, for example by luring them to a “private WhatsApp investment group”.

Impersonations of bank employees and authorities are increasing and can often sound very convincing. These scammers demand immediate payment or action to avoid further impacts, which can dupe individuals into inadvertently sending money to a fraudulent account.

It’s not just Instagram where WhatsApp investment groups are used as a lure by scammers. On X we see invites like these several times a week.

**Recommendations to stay safe**

As cyberthreats and financial scams become more sophisticated, it is increasingly difficult for individuals to determine if a request coming via social media, email, text, phone call or even video call is authentic.

By staying alert and proactive, you can outsmart even the most convincing deepfake scams. Remember, a healthy dose of skepticism is your best companion in the digital age.

*   **Verify before you trust:** Always double-check the legitimacy of any ad or message claiming to be from your bank. Visit your bank’s official website or contact them directly using verified contact details before taking any action.
*   **Doublecheck the advertiser account:** BleepingComputer found that the advertiser accounts running the fake ads on Instagram only had pages on Facebook, not on Instagram itself.
*   **Look for red flags:** Be wary of ads that create a sense of urgency, promise unrealistic rewards, or ask for sensitive information like passwords or PINs. Authentic banks will never request such details through social media or ads.
*   **Scrutinize visuals and language:** Deepfakes can be convincing, but subtle inconsistencies in video quality, unnatural facial movements, or awkward phrasing can be giveaways. Trust your instincts if something feels off.
*   **Enable Multi-Factor Authentication (MFA) :** Strengthen your account security by enabling two-factor authentication on your banking and social media accounts. This adds an extra layer of protection even if your credentials are compromised.
*   **Report suspicious content:** If you encounter a suspicious ad or message, report it to Instagram and notify your bank immediately. Your vigilance can help prevent others from falling victim.
*   **Use web protection:** This can range from programs that block known malicious sites, to browser extensions that can detect skimmers, to sophisticated assistants that you can ask if something is a scam.
*   **Stay informed:** Keep up to date with the latest scam tactics and security advice from your bank and reputable cybersecurity sources. Awareness is your best defense.

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

 Fake bank ads on Instagram scam victims out of money 

Cato CTRL uncovers new WormGPT variants on Telegram powered by jailbroken Grok and Mixtral. Learn how cybercriminals jailbreak top LLMs for uncensored, illegal activities in this latest threat research.

Despite its reported shutdown in 2023, the WormGPT a type of uncensored artificial intelligence (AI) tool for illegal acts, is making a comeback. New research from Cato CTRL, the threat intelligence team at Cato Networks, reveals that WormGPT is now exploiting powerful large language models (LLMs) from well-known AI companies, including xAI’s Grok and Mistral AI’s Mixtral.

This means cybercriminals are using jailbreaking techniques to bypass the built-in safety features of these advanced LLMs (AI systems that generate human-like text, like OpenAI’s ChatGPT). By jailbreaking them, criminals force the AI to produce “uncensored responses to a wide range of topics,” even if these are “unethical or illegal,” researchers noted in their blog post shared with Hackread.com.

****The Evolution of a Malicious Tool****

WormGPT first appeared in March 2023 on an underground online forum called Hack Forums, with its public release following later in mid-2023, as reported by Hackread.com. The creator, known by the alias Last, reportedly started developing the tool in February 2023.

WormGPT was initially based on GPT-J, an open-source LLM developed in 2021. It was offered for a subscription fee, typically between €60 to €100 per month, or €550 annually, with a private setup costing around €5,000.

However, the original WormGPT was shut down on August 8, 2023, after investigative reporter Brian Krebs published a story identifying the person behind Last as Rafael Morais, leading to widespread media attention.

Despite this, WormGPT has now become a recognized brand for a new group of such tools. Security researcher Vitaly Simonovich from Cato Networks stated, “WormGPT now serves as a recognizable brand for a new class of uncensored LLMs.”

He added that these new versions aren’t entirely new creations but are built by criminals cleverly changing existing LLMs. They do this by altering hidden instructions called system prompts and possibly by training the AI with illegal data.

****New Variants and Their Power****

Cato CTRL’s research found previously unreported WormGPT variants advertised on other cybercrime forums like BreachForums. For example, a variant named “xzin0vich-WormGPT” was posted on October 26, 2024, and “keanu-WormGPT” appeared on February 25, 2025. Access to these new versions is via Telegram chatbots, also on a subscription basis.

WormGPT Advert (Source: Cato CTRL)

Through their testing, Cato CTRL confirmed that keanu-WormGPT is powered by xAI’s Grok, while xzin0vich-WormGPT is based on Mistral AI’s Mixtral. This means criminals are successfully using top-tier commercial LLMs to generate malicious content like phishing emails and scripts for stealing information.

keanu-WormGPT reveals the malicious chatbot has been powered by Grok (Screenshot: CATO Networks)

The emergence of these tools, alongside other uncensored LLMs like FraudGPT and DarkBERT, shows a growing market for AI-powered crime tools and highlights the constant challenge of securing AI systems.

J Stephen Kowski, Field CTO at SlashNext Email Security+ commented on the latest development stating, _“_The WormGPT evolution shows how criminals are getting smarter about using AI tools – but let’s be honest, these are general-purpose tools and anyone building these tools without expecting malicious use in the long term was pretty naive._“_

_“_What’s really concerning is that these aren’t new AI models built from scratch – they’re taking trusted systems and breaking their safety rules to create weapons for cybercrime,_“_ he warned. _“_This means organizations need to think beyond just blocking known bad tools and start looking at how AI-generated content behaves, regardless of which platform created it._“_

WormGPT Makes a Comeback Using Jailbroken Grok and Mixtral Models

Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders.

Wednesday, June 18, 2025 06:09

Late one Tuesday night, Elena’s phone buzzed with an alert from her company’s SIEM. Her team had set up a rule to flag when certain system tools — whoami, nltest and nslookup—were run one after another in quick succession. That exact pattern had just triggered on a computer in the Finance Department. The time? 2:13 a.m.

Concerned, Elena logged in from home to investigate. Almost immediately, two more alerts appeared. One signaled that Mimikatz (a tool popular with threat actors to steal credentials) had been used on the same Finance machine. The other reported a PsExec download (a command line tool used to execute processes) on a domain controller.

Elena and her team began isolating systems and tracing the activity, determined to stop it before it spread any further. What first looked like routine system commands now clearly pointed to something more serious.

This story is a compartmentalized version of something we’re seeing more and more often in Cisco Talos Incident Response engagements: Rather than inventing their own tools, attackers are making use of familiar, legitimate software — just with a very different purpose. 

**What exactly are LOLBins?**

A big part of this trend revolves around “living off the land binaries,” or LOLBins. LOLBins are tools built into an operating system that attackers can use to carry out malicious actions without having to download or install any new software or utilities.

They’re especially concerning because they’re already installed, trusted, and frequently used for normal IT tasks, making them difficult to detect or block without disrupting operations.

Defenders can reference the “Living Off The Land Binaries, Scripts and Libraries” or LOLBAS project, which maintains a list of known LOLBins on GitHub.

**But it’s not just LOLBins…**

LOLBins were used often across Talos IR engagements in 2024, but we actually saw a wider variety of commercial and open-source tools used as well. Threat actors likely gravitate towards these because they can choose which tools best suit their needs best (or which commercial tools will blend into the victim environment). 

Take DonPAPI, for example. This is an open-source tool observed in several recent Talos IR engagements that automates credential dumping remotely on multiple Windows computers. It locates and retrieves Windows Data Protection API (DPAPI) protected credentials, a process also known as “DPAPI dumping.” DonPAPI searches for certain files, including Wi-Fi keys, RDP passwords and credentials saved in web browsers, to help authenticate and move laterally to identify other assets in the environment.

From an identity perspective, open-source tools like DonPAPI pose a significant risk to organizations based on their wide availability on code repositories like GitHub and their ease of installation. 

Here’s how this plays out in the field, using the top three examples of most used tools as observed in Cisco Talos’ 2024 Year in Review:

These tools weren’t built for attackers, but they’ve become some of the most common ingredients in ransomware and advanced persistent threat (APT) campaigns.

In a recent episode of The Talos Threat Perspective, one of our senior Talos IR consultants spoke about tools that were created for legitimate purposes (e.g., HRSword, REMCOS RAT and Cobalt Strike), but played a large part in the ransomware engagements investigated by Talos IR in 2025.

Lately, Talos has seen an increase in the use of remote monitoring and management (RMM) tools during attacks — the same kind of software IT teams and managed service providers rely on to access systems remotely. These tools are designed for legitimate use, but in the wrong hands, they become a stealthy way to maintain persistence on compromised systems without raising alarms.

One colleague shared a story that stuck with me: In some incidents, the attackers showed up with an entire toolkit of RMM software, testing each one to see which would slip through unnoticed (or not get blocked). Often, they’d use exactly the same tools already trusted by the target or their service provider, such as ScreenConnect or AnyDesk.

It’s like they arrived at the front door with a ring full of keys, trying each one until something clicked. And when the tool they use is something the environment already knows — already trusts — the question becomes: how do you spot the intruder when they’re using your own keys?

**How do you detect something that looks normal?**

Let’s go back to Elena. Her team stopped the attack not just because of the alert, but because they knew what should be running on that workstation. They had clear asset inventories and network behavior baselines, and they conducted continuous anomaly monitoring.

That’s really the heart of what works best when it comes to detecting these types of attacks:

*   Asset management: Know what’s installed and where. Know who owns what assets and what high-privileged accounts are for.
*   Behavioral baselining: Understand what “normal” looks like.
*   Continuous monitoring: Configure detections to catch known TTPs and subtle deviations from baselines.
*   Threat intel alignment: Use current trends like the DonPAPI surge to inform what you log and watch for. Talos’ blog and IR reports are great resources to keep up with industry trends.

**Bottom line**

Whether it’s PsExec, DonPAPI or TeamViewer, attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations.

Detecting malicious use of legitimate tools isn’t just about recognizing what’s running. It’s about asking why it’s running.

Sometimes, the only difference between a routine operation and a breach is the analyst who stopped to ask: “Why was that tool running at 2:13 a.m.?”

Tag

#intel