Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
This research explores the challenges posed by LLM-enabled malware, which can generate malicious logic at runtime. The study identifies characteristics of such malware, including embedded API keys and specific prompt structures. Notable cases like PromptLock and APT28's LameHug are examined. The researchers developed hunting strategies based on API key detection and prompt analysis, leading to the discovery of new samples, including 'MalTerminal'. The implications for defenders are discussed, highlighting both the adaptability and potential brittleness of LLM-enabled malware. The research also uncovered various offensive tools leveraging LLMs for operational capabilities.
AI Analysis
Technical Summary
This threat concerns the emergence of LLM-enabled malware, a novel class of malicious software that leverages large language models (LLMs) to dynamically generate malicious logic at runtime. Unlike traditional malware with static payloads, LLM-enabled malware can adapt its behavior by generating code or commands on the fly based on embedded prompts and API keys. The research highlights specific malware families and campaigns such as PromptLock and APT28's LameHug, which utilize these techniques. These malware samples embed API keys within their code to interact with external LLM services, enabling them to craft sophisticated attack logic dynamically. The study also uncovered new samples like 'MalTerminal' that demonstrate the operational capabilities of LLM-powered offensive tools. The malware uses prompt engineering to control the LLM's output, effectively turning prompts into executable code segments. This approach increases malware adaptability and complexity, making detection and mitigation more challenging. The research team developed hunting strategies focusing on detecting embedded API keys and analyzing prompt structures to identify these threats. The findings underscore both the potential brittleness of LLM-enabled malware—due to reliance on external APIs and prompt design—and their adaptability, which can evade traditional signature-based defenses. The threat also involves tactics and techniques mapped to MITRE ATT&CK IDs such as T1071 (Application Layer Protocol), T1219 (Remote Access Software), T1059 (Command and Scripting Interpreter), T1083 (File and Directory Discovery), T1027 (Obfuscated Files or Information), T1486 (Data Encrypted for Impact), T1573 (Encrypted Channel), and T1588 (Obtain Capabilities), indicating a broad and sophisticated attack surface.
Potential Impact
For European organizations, the impact of LLM-enabled malware could be significant due to the advanced adaptability and stealth of such threats. The dynamic generation of malicious logic at runtime complicates detection, increasing the risk of prolonged undetected intrusions. The embedding of API keys and reliance on external LLM services could enable attackers to tailor attacks specifically to targeted environments, potentially leading to data exfiltration, ransomware deployment, or operational disruption. Critical infrastructure, government agencies, and enterprises with sensitive data are at heightened risk, as adversaries like APT28 have historically targeted such entities in Europe. The use of encrypted channels and obfuscation techniques further complicates incident response and forensic analysis. Additionally, the novelty of this malware type means existing security tools may lack signatures or heuristics to detect it effectively, increasing the likelihood of successful compromise. The operational capabilities demonstrated by tools like MalTerminal suggest attackers can automate complex attack sequences, increasing attack speed and scale. Overall, European organizations face a medium to high risk from this evolving threat, especially those in sectors with strategic importance or high-value data.
Mitigation Recommendations
Mitigation should focus on advanced threat hunting and detection strategies tailored to LLM-enabled malware characteristics. Organizations should implement monitoring for unusual API key usage within their environments, including scanning for embedded keys in code repositories, binaries, and network traffic. Behavioral analysis tools should be enhanced to detect dynamic code generation and execution patterns indicative of prompt-driven malware. Endpoint detection and response (EDR) solutions must be tuned to identify suspicious scripting activity and obfuscation techniques aligned with MITRE ATT&CK tactics noted in this threat. Network monitoring should include inspection of application layer protocols for anomalous encrypted communications potentially linked to LLM API interactions. Security teams should develop and deploy custom detection rules focusing on prompt structures and API key patterns, leveraging threat intelligence feeds such as those from AlienVault and SentinelOne. Regular threat hunting exercises using these indicators can help identify early-stage infections. Additionally, organizations should enforce strict access controls and secrets management to prevent leakage of API keys and credentials. Employee awareness programs should highlight the risks of novel malware leveraging AI technologies. Finally, collaboration with industry peers and sharing of indicators of compromise (IOCs) will enhance collective defense against this emerging threat.
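A minimal triage pass for the two hunting signals named above, embedded API keys and prompt-like strings, written as an added example (not code from the research or from any vendor). The key regexes are approximate shapes, the prompt-phrase list and sample bytes are constructed for illustration, and `extract_strings`, `redact` and `triage` are hypothetical names.

```python
import base64
import hashlib
import re

# OpenAI secret keys have commonly embedded base64("OpenAI"); computed so it is auditable.
OPENAI_MARKER = base64.b64encode(b"OpenAI").decode()  # "T3BlbkFJ"

# Approximate key shapes (assumption: providers change formats, tune before use).
KEY_PATTERNS = {
    "openai": re.compile(
        r"sk-[A-Za-z0-9_-]{10,}" + OPENAI_MARKER + r"[A-Za-z0-9_-]{10,}"),
    "anthropic": re.compile(r"sk-ant-api03-[A-Za-z0-9_-]{20,}"),
}
LLM_HOSTS = ("api.openai.com", "api.anthropic.com")

# Constructed list of phrases typical of instruction-style prompts (heuristic).
PROMPT_HINTS = re.compile(
    r"you are an? |respond only with|do not include|output only", re.I)


def extract_strings(blob: bytes, min_len: int = 6) -> list:
    """Printable ASCII and UTF-16LE runs (Windows binaries store both)."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob)
    return ([r.decode("ascii") for r in ascii_runs]
            + [r.decode("utf-16-le") for r in wide_runs])


def redact(key: str) -> str:
    """Report a short prefix plus a hash so findings never re-leak the secret."""
    return f"{key[:6]}...sha256:{hashlib.sha256(key.encode()).hexdigest()[:12]}"


def triage(blob: bytes) -> dict:
    strings = extract_strings(blob)
    keys = sorted({(name, redact(m.group()))
                   for s in strings
                   for name, rx in KEY_PATTERNS.items()
                   for m in rx.finditer(s)})
    prompts = [s for s in strings if len(s) >= 40 and PROMPT_HINTS.search(s)]
    hosts = sorted({h for s in strings for h in LLM_HOSTS if h in s})
    # A key alone is often just a leaked secret in a benign app; a key next to
    # an instruction-style prompt is the stronger hunting signal.
    if keys and prompts:
        verdict = "llm-enabled-candidate"
    elif keys:
        verdict = "embedded-key-only"
    elif prompts and hosts:
        verdict = "prompt-and-endpoint"
    else:
        verdict = "no-signal"
    return {"verdict": verdict, "keys": keys, "prompts": prompts, "hosts": hosts}


# Constructed samples: the key is synthetic and the bytes are not from any real file.
FAKE_KEY = "sk-" + "A" * 20 + OPENAI_MARKER + "B" * 20
PROMPT = "You are a helpful assistant. Respond only with valid JSON, no commentary."
SAMPLE_SUSPECT = (b"\x7fELF\x00\x01" + FAKE_KEY.encode() + b"\x00\x00"
                  + PROMPT.encode("utf-16-le")
                  + b"\x00\x00https://api.openai.com/v1/chat/completions\x00")
SAMPLE_BENIGN = b"MZ\x90\x00This program cannot be run in DOS mode.\x00"

if __name__ == "__main__":
    print(triage(SAMPLE_SUSPECT), triage(SAMPLE_BENIGN), sep="\n")
```

The `embedded-key-only` verdict is worth routing to secrets management rather than malware triage, since it usually means a credential shipped in a legitimate build.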
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Poland, Belgium, Spain
Indicators of Compromise
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware
- Adversary: APT28
- Pulse ID: 68d5097ace5dc1d6a0b8f9d0
- Threat Score: null
Threat ID: 68d54d90ac1bc8e99ea10717
Added to database: 9/25/2025, 2:11:28 PM
Last enriched: 9/25/2025, 2:12:04 PM
Last updated: 9/25/2025, 8:41:20 PM