The shutdown of WormGPT in 2023, following widespread exposure and investigative reporting, marked what many believed to be the end of a dangerous uncensored AI tool designed for cybercrime. Originally powered by the open-source GPT-J model, WormGPT enabled malicious actors to generate phishing emails, malware code, and social engineering scripts without ethical constraints.

Two years later, that belief has proven premature.

Security researchers have identified new variants of WormGPT that revive the brand using legitimate AI platforms as backbones, specifically, xAI’s Grok and Mistral’s Mixtral.

Operating via Telegram bots, these rebranded tools leverage prompt engineering and jailbreak techniques to bypass safety guardrails and once again serve as assets for cybercriminals.

Why It Matters: The return of WormGPT, now reimagined through mainstream LLMs, signals a troubling shift in cybercrime tactics. Rather than developing custom models, threat actors are now hijacking APIs from commercial AI providers, altering prompts to create tools that are not only more powerful but also harder to detect. This evolution highlights a growing misuse of AI and underscores the urgent need for defense mechanisms that extend beyond traditional filters and into AI abuse detection.

• New WormGPT Variants Discovered on BreachForums: Researchers found two new WormGPT tools, keanu-WormGPT and xzin0vich-WormGPT, being sold or distributed on underground forums. These variants function through Telegram chatbots and are powered not by custom models but by popular LLMs: Grok and Mixtral.

• keanu-WormGPT Uses Grok via Jailbreaking: Posted in February 2025, keanu-WormGPT runs on xAI’s Grok model. Threat actors bypassed Grok’s built-in ethical constraints using crafted system prompts, allowing the chatbot to generate phishing messages and credential-harvesting scripts. The jailbreak reveals Grok is used via API access with modified prompt instructions.

• xzin0vich-WormGPT Built on Mixtral Architecture: The Mixtral-powered version was posted in October 2024 by “xzin0vich.” Prompt analysis confirmed references to Mixtral-specific parameters, including grouped-query attention mechanisms. Like its Grok counterpart, it is capable of creating malicious content upon request.

• A Growing Market of Malicious AI Tools: WormGPT’s return is part of a broader trend. Other uncensored AI tools, such as FraudGPT, DarkGPT, and EvilGPT, have also emerged, repurposing legitimate LLMs through prompt manipulation or illicit fine-tuning. These tools proliferate via Telegram, creating a low-barrier ecosystem for cybercriminals.

• Repurposed Commercial Models Over Custom LLMs: The observed variants of WormGPT are not homegrown models. Instead, they demonstrate how malicious actors are leveraging existing LLMs through creative jailbreaks, illustrating the risks of publicly accessible AI APIs when not properly protected.

Go Deeper -> Two WormGPT Clones That Use Grok and Mixtral Found in Underground Forum – TechRepublic

Cato CTRL™ Threat Research: WormGPT Variants Powered by Grok and Mixtral – Cato Networks