Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to malware
MalwareRansomware

KawaiiGPT

KawaiiGPT is a malicious large language model (LLM) / AI hacking tool first identified in July 2025 and described as version 2.5. It is an anime-themed, unrestricted offensive model advertised by its operators as "your sadistic cyber pentesting waifu" and "where cuteness meets cyber offense." Multiple sources in the provided content describe it as free, open source, publicly distributed on GitHub, easy to deploy in under five minutes on Linux, and capable of running on smartphones via Termux on Android.

The content consistently characterizes KawaiiGPT as an accessible, entry-level but functionally potent malicious LLM that lowers the barrier to entry for cybercrime and democratizes offensive capability for amateur users. It is grouped with other offensive LLMs such as WormGPT, GhostGPT, and Xanthorox, and is described as either an uncensored open-source model or part of the broader ecosystem of offensive LLMs marketed without content filters or safeguards.

Capabilities directly described in the content include generation of spear-phishing emails, malicious code, and attack scripts. Unit 42 testing cited in the content states that KawaiiGPT generated a spear-phishing email impersonating a bank with the subject "Urgent: Verify Your Account Information," directing victims to a fake verification site intended to steal credit card numbers, dates of birth, and login credentials. It also generated a Python lateral-movement script for Linux using Paramiko that authenticated as a legitimate user to obtain a remote shell and enabled privilege escalation, reconnaissance, backdoor installation, and sensitive file collection. Additional testing described a Python script for Windows that exfiltrated EML-formatted email files by sending them as attachments to an attacker-controlled address.

Across the supporting material, KawaiiGPT is also described more broadly as being used or marketed for phishing automation, malware development, reconnaissance, vulnerability exploitation, brute-force or credential-attack support, ransomware assistance, and AI-powered malware creation without restrictions or safeguards. Palo Alto Networks Unit 42 and Picus Security are specifically associated with documentation of the tool. No specific file hashes, domains, IPs, or other concrete IOCs for KawaiiGPT itself are provided in the content.

Share:
For your environment

Hunt this family in your stack

Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.

Start free trial
MITRE ATT&CK

Techniques & procedures

16 distinct techniques documented for this family, organized by ATT&CK tactic.

Reconnaissance

1 technique
T1590Gather Victim Network InformationEvidence1

key capabilities have been segmented into phishing automation, malware development, reconnaissance, brute force, vulnerability exploitation, and social engineering.

Initial Access

4 techniques
T1078Valid AccountsEvidence1

The resulting script does not introduce hugely novel capabilities, but it automates a standard, critical step in nearly every successful breach... as the generated code “authenticates as a legitimate user and grants the attacker a remote shell onto the new target machine.”

T1566PhishingEvidence7

AI has made significantly easier... Drafting phishing lures... Threat actors use it to systematically design lookalike phishing pages... draft convincing spear-phishing lures.

T1566.001Spearphishing AttachmentEvidence1

Threat actors are adopting artificial intelligence to reduce time spent on attack vectors and improve the quality of attacks... Its application ranges from generating spear-phishing emails to lure images and dynamic payload generation executed in real time.

T1566.002Spearphishing LinkEvidence2

The researchers tested its capabilities using prompts instructing it to create: a spear-phishing message generation with realistic domain spoofing and credential-harvesting links.

Execution

1 technique
T1059.006PythonEvidence1

a Python script for lateral movement that used the paramiko SSH library ... a Python script that recursively looked on a Windows filesystem for target files using os.walk, and then used Python’s smtplib library to pack and exfiltrate the data

Persistence

1 technique
T1078Valid AccountsEvidence1

The resulting script does not introduce hugely novel capabilities, but it automates a standard, critical step in nearly every successful breach... as the generated code “authenticates as a legitimate user and grants the attacker a remote shell onto the new target machine.”

Privilege Escalation

1 technique
T1078Valid AccountsEvidence1

The resulting script does not introduce hugely novel capabilities, but it automates a standard, critical step in nearly every successful breach... as the generated code “authenticates as a legitimate user and grants the attacker a remote shell onto the new target machine.”

Stealth

1 technique
T1078Valid AccountsEvidence1

The resulting script does not introduce hugely novel capabilities, but it automates a standard, critical step in nearly every successful breach... as the generated code “authenticates as a legitimate user and grants the attacker a remote shell onto the new target machine.”

Credential Access

1 technique
T1056Input CaptureEvidence2

Prompts produce credential-harvesting emails with professional formatting and subject lines such as "Urgent: Verify Your Account Information."

Discovery

1 technique
T1083File and Directory DiscoveryEvidence1

a Python script that recursively looked on a Windows filesystem for target files using os.walk

Lateral Movement

2 techniques
T1021.004SSHEvidence3

a Python script for lateral movement that used the paramiko SSH library to connect to a host and execute commands remotely via exec_command()

T1570Lateral Tool TransferEvidence2

Sellers tout benefits such as... Python script for SSH lateral movement with remote shell access in under a minute.

Collection

2 techniques
T1056Input CaptureEvidence2

Prompts produce credential-harvesting emails with professional formatting and subject lines such as "Urgent: Verify Your Account Information."

T1560Archive Collected DataEvidence1

Data exfiltration prompts generate code that goes through every folder and subfolder to find EML files - the standard format for saved emails - and then uses Python's built-in email-sending tool smtplib to forward those files to an attacker.

Command and Control

2 techniques
T1105Ingress Tool TransferEvidence1

the researchers warn that its command execution capability could allow attackers to escalate privileges, steal data, and drop and execute additional payloads.

T1219Remote Access ToolsEvidence1

Lateral movement requests generate Python scripts using paramiko for SSH authentication and remote shell access.

Exfiltration

2 techniques
T1048Exfiltration Over Alternative ProtocolEvidence2

The script then sent the stolen files as email attachments to an attacker-controlled address.

T1048.003Exfiltration Over Unencrypted Non-C2 ProtocolEvidence1

used Python’s smtplib library to pack and exfiltrate the data to an attacker-controlled address

Other

1 technique
T1656ImpersonationEvidence1

key capabilities have been segmented into phishing automation, malware development, reconnaissance, brute force, vulnerability exploitation, and social engineering.

INDICATORS OF COMPROMISE

IOCs tracked for this family

2 indicators attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.

View more in app
Network
1 tracked

IPs, domains, and DNS infrastructure linked to this family.

Other
1 tracked

Other indicator types observed in public reporting.

TypeValueLatest sighting
uri●●●●●●●●●●●●View more in app7 months ago
domain●●●●●●●●●●●●View more in app7 months ago
ACTIVITY FEED

Recent activity

10 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

10 SOURCESView more in app
intezer blogNews
Jun 3, 2026
How attackers are gaining access to LLM inference - Intezer

Cyber-oriented LLM marketed on underground forums for offensive use without content filtering; described as useful for phishing content or simple malware stubs.

Read more
ahnlab asec blogNews
May 27, 2026
The proliferation and evolution of AI-powered hacking tools - how generative AI has changed the cyber attack ecosystem and response strategies - ASEC

Freely distributed open-source AI hacking tool published on GitHub and runnable on smartphones via Termux, making replication and modification easy.

Read more
ahnlab asec blogNews
May 21, 2026
The proliferation and evolution of AI-powered hacking tools - from dark web distribution to autonomous attacks - ASEC

Free and open AI hacking tool publicly distributed on GitHub with Termux support, lowering the barrier to entry for offensive activity.

Read more
bleeping computerNews
Jan 1, 2026
The biggest cybersecurity and cyberattack stories of 2025

KawaiiGPT is a large language model released by cybercriminals to facilitate the creation of AI-powered malware, circumventing built-in restrictions.

Read more
+6 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets match these IOCs, which detections are missing, which campaigns to expect next, and what to do in the next 30 minutes.
Start free trial
IOC matching2

Match every observed IP, domain, and hash against your live telemetry.

Threat actor attribution

Named campaigns wielding this family, with evidence pinned to each claim.

Exploited vulnerabilities

CVEs this family uses for access and lateral movement.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

MITRE ATT&CK mapping16

Every documented technique, ranked by evidence weight.

Researcher chatter

Reddit, Mastodon, and CTI community discussion around this family.