New Malware Uses GPT-4 To Generate Attacks On The Fly - 1

Image by Xavier Cee, from Unsplash

New Malware Uses GPT-4 To Generate Attacks On The Fly

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Security researchers have found early evidence of malware that uses large language models (LLMs) to generate malicious actions on the fly.

In a rush? Here are the quick facts:

  • Researchers found malware using LLMs to generate code at runtime.
  • Malware dubbed MalTerminal used GPT-4 to build ransomware and shells.
  • Traditional antivirus tools struggle to detect runtime-generated malicious code.

The findings were presented at LABScon 2025 in a talk titled “ LLM-Enabled Malware In the Wild. ”

According to SentinelLABS, “LLM-enabled malware poses new challenges for detection and threat hunting as malicious logic can be generated at runtime rather than embedded in code.”

These threats operate through execution-based methods which make them impossible for standard antivirus systems to detect because the harmful code does not exist until execution time.

The team identified what they believe may be the earliest case of this kind of malware, which they dubbed ‘MalTerminal’. The system based on Python employs GPT-4 API from OpenAI to generate ransomware attacks and reverse shell attacks.

The researchers documented additional offensive tools, which included vulnerability injectors, and phishing aids to show how attackers experiment with LLMs.

“On the face of it, malware that offloads its malicious functionality to an LLM that can generate code-on-the-fly looks like a detection engineer’s nightmare,” the researchers wrote.

Other cases include ‘PromptLock’, which first emerged as an AI-based ransomware in 2023, and PROMPTSTEAL, a malware connected to the Russian group APT28. The researchers explain that PROMPTSTEAL embedded 284 HuggingFace API keys and used LLMs to produce system commands for stealing files.

Researchers found that despite their sophistication, LLM-enabled malware must include “embedded API keys and prompts,” leaving traces that defenders can track. They wrote, “This makes LLM enabled malware something of a curiosity: a tool that is uniquely capable, adaptable, and yet also brittle.”

For now, the use of LLM-enabled malware appears rare and mostly experimental. But experts warn that as adversaries refine their methods, these tools could become a serious cybersecurity threat.

FTC Sues Ticketmaster for Working With Scalpers and Inflating Prices - 2

Image by Jessica Christian, from Unsplash

FTC Sues Ticketmaster for Working With Scalpers and Inflating Prices

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

The Federal Trade Commission (FTC) and seven states started legal proceedings against Live Nation and Ticketmaster accusing them of having used scalpers to inflate ticket prices and deceive both fans and artists.

In a rush? Here are the quick facts:

  • Ticketmaster employees admitted turning a “blind eye” to brokers.
  • One broker managed over 13,000 accounts to bypass ticket limits.
  • TradeDesk software helped scalpers manage bulk ticket purchases.

The complaint alleges that Ticketmaster “tacitly coordinating with brokers and allowing them to harvest millions of dollars worth of tickets in the primary market.” Those tickets were then resold at high markups, with Ticketmaster profiting from extra fees on its own resale platform. The FTC says this practice cost customers “billions in inflated prices and additional fees.”

FTC Chairman Andrew N. Ferguson said, “American live entertainment is the best in the world and should be accessible to all of us. It should not cost an arm and a leg to take the family to a baseball game or attend your favorite musician’s show.”

According to court records, Ticketmaster employees admitted internally that turning a “blind eye” to brokers became “a matter of policy.” One review found five major brokers controlled thousands of fake accounts, buying hundreds of thousands of tickets. A single broker operated more than 13,000 accounts from 2020 to 2024 to evade account restrictions, as reported by ArsTechnica .

Ticketmaster reportedly gave IT support to ticket scalpers instead of stopping their operations. Indeed, the TradeDesk software system provided brokers with a single platform to handle tickets from various accounts. In one case, an executive admitted that deploying stronger security was avoided because it was “too effective.”

Ticketmaster faces legal action because their system practices “bait-and-switch” pricing which conceals fees that can amount to 44% of ticket prices until customers reach the checkout stage. The fees generated between 2019 and 2024 added up to $16.4 billion.

The FTC victory would impose major civil penalties on Ticketmaster and Live Nation while also limiting their business activities. Seven states including Florida and Illinois and Virginia have joined the case.