Thursday, May 8, 2025

Xanthorox AI: New Automated Hacking Tool Surfaces on Hacker Forums


A new malicious AI tool, Xanthorox AI, has emerged on underground hacker forums.

Dubbed the “Killer of WormGPT and all EvilGPT variants,” Xanthorox AI is poised to outpace previous AI-powered cyber tools in its versatility, stealth, and offensive capabilities, making it a significant threat in the realm of cybercrime.

Emergence and Infrastructure

First detected in Q1 of 2025, Xanthorox AI has been circulating in darknet communities, where it is being marketed as a cutting-edge AI platform designed for offensive cyber operations.

[Image: script writing to malware development and vulnerability exploitation]

Unlike its predecessors that relied on tweaks or jailbreaks of existing mainstream models like OpenAI’s GPT or Meta’s LLaMA, Xanthorox AI is reportedly a bespoke system developed from the ground up.

The developers claim that Xanthorox AI operates as a self-contained, multi-model architecture hosted entirely on private servers, ensuring complete autonomy and minimal traceability.

By eschewing public cloud infrastructure and external APIs, Xanthorox AI leverages local servers to maintain operational secrecy and avoid detection.

[Image: Xanthorox Vision]

Its modular design also allows for upgrades or replacements of specific components, ensuring the tool remains relevant even as cybersecurity defenses evolve.

Key features described by the sellers include:

  • Proprietary language models with no ties to existing AI frameworks.
  • Offline functionality, removing reliance on network connectivity.
  • Built-in voice and image handling modules.
  • Internet search scraping capabilities from over 50 engines.
  • Data containment to eliminate third-party telemetry risks.

Features and Capabilities

Xanthorox AI is being marketed as an “all-in-one” hacking tool, boasting modules tailored to various cybercriminal tasks. Below is an overview of its primary components:

  1. Xanthorox Coder: A code generation and scripting assistant that automates malware creation, exploit development, and script refinement. This module provides attackers with customizable code snippets tailored to specific vulnerabilities.
  2. Xanthorox Vision: A visual intelligence tool capable of analyzing uploaded images and screenshots. It claims to extract relevant data, interpret visual content, or generate descriptive analyses, providing attackers with insights from graphical information, such as scanned documents or system screenshots.
  3. Xanthorox Reasoner Advanced: A module designed to mimic human reasoning. While achieving “100% accuracy” may be unrealistic, the tool aims to provide logically consistent and persuasive outputs—a useful capability for attackers crafting phishing emails, social engineering scripts, or negotiation strategies.
  4. Voice Interaction: Xanthorox supports voice-based commands through real-time calls or asynchronous voice messages, enabling hands-free operation. This feature could be particularly useful in covert environments where traditional keyboard inputs may be impractical or risky.
  5. Web Scraping and Static File Analysis: Using over 50 search engines, Xanthorox scrapes the internet for up-to-date intelligence, bypassing the usual constraints of APIs. Additionally, its file analysis capabilities allow it to process formats like .c, .txt, and .pdf, extracting or summarizing content to aid attackers handling stolen data.

[Image: Voice-based interaction interface]

According to the SlashNext report, Xanthorox AI represents a dangerous escalation in the use of AI for cybercrime. By combining modular customization, offline functionality, and a wide array of capabilities, it underscores the growing sophistication of malicious AI tools.

For cybersecurity professionals, the emergence of Xanthorox AI highlights the urgent need to develop countermeasures capable of identifying and neutralizing such advanced systems.

As hackers gain access to increasingly autonomous and intelligent tools, the stakes for businesses, governments, and individuals rise exponentially.

Xanthorox AI is a stark reminder of the dual-edged nature of AI technology—and the critical importance of staying ahead in the cybersecurity arms race.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
