LLM-Enabled Malware in the Wild - LABScon25 Insights

LLM-enabled malware is rapidly shifting from proof-of-concept demos to operational threats that embed large language models directly inside malicious payloads. SentinelOne researchers Alex Delamotte and Gabriel Bernadett-Shapiro analyzed families such as PromptLock ransomware and APT28-linked LameHug/PROMPTSTEAL, focusing on samples that use LLMs as a core execution engine rather than as simple lures. These strains generate or transform malicious code at runtime, undermining traditional static-signature and sandbox approaches that expect payloads to be fully present on disk. Paradoxically, many LLM-enabled malware samples still hardcode high‑value artifacts, including provider API keys and prompt templates. By mining VirusTotal for these patterns, the team uncovered over 7,000 samples with more than 6,000 unique API keys, including early LLM-enabled malware like the MalTerminal family. They demonstrated two scalable hunting methods: YARA rules that match provider-specific key formats, such as Base64-encoded OpenAI identifiers, and prompt-hunting signatures that look for telltale instruction blocks embedded in binaries or scripts. Pairing these signatures with lightweight LLM classifiers made it possible to triage whether embedded prompts encode benign automation or clearly malicious intent like credential theft or code execution. For defenders, the research underscores that LLM-driven threats will increasingly evade conventional detections, but it also proves that prompts-as-code and exposed API keys form a lasting forensic trail. Enterprises integrating LLM APIs into internal tools or products now face a dual risk: their own keys being abused by attackers, and adversaries reusing similar techniques to deploy adaptive malware in enterprise environments.