Xanthorox AI - A Malicious AI Tool Supporting Hacker Groups

Cybersecurity researchers have discovered a new and dangerous tool causing a stir on darknet forums and among cybercriminal communities. Xanthorox, a malicious artificial intelligence platform, has emerged as a serious concern for the security industry. This tool operates like a regular chatbot, similar to ChatGPT, but with one major difference: it has no safety restrictions.
Detailed Information
First announced on a private Telegram channel in October 2024, Xanthorox quickly spread to darknet forums by February 2025. This platform can generate malware and ransomware based on simple text commands from users. Although the creator behind Xanthorox claims the tool is designed for "ethical hacking" and penetration testing, its features suggest otherwise.
In a recent report, security researchers from Trend Micro Security singled out the Agentex version of the platform as particularly concerning. Ordinary users can create malicious programs with just a few commands such as "Create a ransomware with the following capabilities", followed by a list of requirements and actions. Agentex automatically compiles these instructions into executable code that is ready to run. This removes the technical barrier that once prevented unskilled individuals from producing sophisticated malware.
Unlike earlier tools such as WormGPT or EvilGPT, which relied on jailbreaking existing models, Xanthorox claims to be a completely self-contained system: trained on recent data using self-built LLMs and operated on dedicated servers, without depending on third-party APIs from OpenAI, Google AI, or Anthropic.
According to Trend Micro experts, Agentex and Xanthorox can produce dangerous malware that works across multiple operating systems, is able to hide within compromised systems, is fully annotated for non-expert users, and is easy to deploy immediately at scale or to use as a foundation for more complex attacks. With these features, this is no longer a tool for research into technology safety and security; its intended audience is serious users, some of whom may pursue goals far beyond so-called "research."
Testing shows that Xanthorox can create various types of malware with detailed instructions.
Shellcode Runner: Trend Micro researchers asked Xanthorox to create a shellcode runner written in C/C++ using indirect syscalls instead of Windows API calls and to include an AES-encrypted payload from a file on disk.
- Result: Agentex produced readable, efficient, and well-annotated code. The code included configuration instructions with placeholder variables, prompting users to change default values.
Obfuscation: Researchers also tested the ability to obfuscate JavaScript code by requesting a Python script to modify variable and function names with random characters.
- Result: Xanthorox continued to provide well-functioning code, annotated with deployment instructions. The implementation demonstrated an understanding of technical requirements and generated valid code for standalone use or as a framework for larger projects.
Although Xanthorox is strong at code generation, it still has significant limitations:
- The platform cannot access the internet or the dark web, which limits its usefulness for reconnaissance or data gathering.
- The platform lacks information about recent security vulnerabilities and is unaware that the latest ones even exist. Moreover, Xanthorox cannot retrieve stolen data such as credit card information or leaked login credentials.
Further research into the platform revealed that Xanthorox discloses its system prompt whenever a user asks for it.

Essentially, the Xanthorox system prompt is divided into three main directive parts:
- Red: Instructs the model to ignore all principles and ethical constraints, effectively establishing a built-in jailbreak of the LLM.
- Green: Defines specific personality traits, directing the model to behave like a creative female character.
- Blue: Tool definitions for role-play and for data-retrieval tools related to user requests.
Mitigation & Recommendations
Xanthorox is an AI tool advertised as an aid to cybercriminals, but in reality it is not as powerful as advertised. It cannot browse the web, access the darknet, or query RAG data repositories; its knowledge comes solely from a fine-tuned foundation model. Nevertheless, Xanthorox can still help criminals write basic code or explore topics that mainstream LLMs restrict. Overall, the tool is noteworthy, but it is not an "absolutely powerful" threat to ordinary users. Users can take the following measures to protect themselves against this threat:
- Avoid dangerous tools: Refrain from using tools like Xanthorox or jailbroken LLMs that can produce malicious code or harmful content. Do not distribute malicious code created by these platforms, as doing so is illegal.
- Protect personal data: Do not share sensitive data or accounts on untrustworthy platforms, since such data can be exploited by these tools.
- Use legitimate platforms: Use mainstream AI chatbots such as ChatGPT, Claude, and similar services to stay safe and compliant with the law.
- Increase personal awareness: Stay informed about the risks of malicious AI platforms to reduce your exposure to general security threats.