
Novel malware from Russia’s APT28 prompts LLMs to create malicious Windows commands

by Wikdaily


But LAMEHUG’s creators have taken a different approach by building the ability to query LLMs directly into the malware program itself. To do so, LAMEHUG leverages the APIs from Hugging Face, the biggest platform on the web for hosting LLMs and other AI assets.

LAMEHUG includes a built-in query to the Qwen 2.5-Coder-32B-Instruct model via Hugging Face. The query instructs the model to behave as a Windows system administrator and to generate a list of commands that create a folder, gather information in it about the computer, network, and Active Directory domain, and then put the results in a text file.

A separate query instructs the model to create a list of commands that will recursively copy all .pdf and .txt documents from the Documents, Downloads, and Desktop folders to the newly created staging directory under C:\Programdata\info\.
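The behaviour described above gives defenders two things to correlate: an unexpected process talking to Hugging Face, and .pdf/.txt copies appearing under the staging directory shortly afterwards. The following hunt sketch is an added example, not code from the article or from any vendor; the event schema, the `huggingface.co` suffix match, the browser allowlist, the 10-minute window and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumptions (not from the article): the Hugging Face domain suffix, the
# browser allowlist, the time window and the simplified event schema.
HF_SUFFIX = "huggingface.co"
STAGING_DIR = PureWindowsPath(r"C:\ProgramData\info")  # path named in the article
STAGED_EXTS = {".pdf", ".txt"}
EXPECTED_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe"}

def is_hf_host(host):
    host = host.lower().rstrip(".")
    return host == HF_SUFFIX or host.endswith("." + HF_SUFFIX)

def is_staged_file(path):
    p = PureWindowsPath(path)
    # PureWindowsPath compares case-insensitively, like Windows paths do
    return STAGING_DIR in p.parents and p.suffix.lower() in STAGED_EXTS

def hunt(events, window_s=600):
    """Return hosts where an unexpected process contacted Hugging Face and
    document copies appeared in the staging directory within window_s seconds."""
    net, files = defaultdict(list), defaultdict(list)
    for e in events:
        if (e["type"] == "net" and is_hf_host(e["dest"])
                and e["image"].lower() not in EXPECTED_CLIENTS):
            net[e["host"]].append(e)
        elif e["type"] == "file" and is_staged_file(e["path"]):
            files[e["host"]].append(e)
    findings = {}
    for host, conns in net.items():
        # Correlate per host: the copy may be done by a child such as cmd.exe
        hits = [f["path"] for f in files[host]
                if any(0 <= f["ts"] - c["ts"] <= window_s for c in conns)]
        if hits:
            findings[host] = {"images": sorted({c["image"] for c in conns}),
                              "staged": sorted(hits)}
    return findings

# Constructed sample telemetry (hypothetical hosts and process names).
EVENTS = [
    {"type": "net", "host": "WS01", "ts": 100, "image": "attachment.exe", "dest": "api-inference.huggingface.co"},
    {"type": "file", "host": "WS01", "ts": 130, "image": "cmd.exe", "path": r"C:\Programdata\info\info.txt"},
    {"type": "file", "host": "WS01", "ts": 160, "image": "xcopy.exe", "path": r"C:\ProgramData\info\Desktop\plan.PDF"},
    {"type": "net", "host": "WS02", "ts": 100, "image": "chrome.exe", "dest": "huggingface.co"},
    {"type": "file", "host": "WS02", "ts": 120, "image": "notepad.exe", "path": r"C:\ProgramData\info\notes.txt"},
    {"type": "net", "host": "WS03", "ts": 100, "image": "python.exe", "dest": "nothuggingface.co"},
    {"type": "file", "host": "WS03", "ts": 110, "image": "cmd.exe", "path": r"C:\ProgramData\info\a.txt"},
]
```

On hosts where developers legitimately call Hugging Face from scripts or IDEs, the allowlist has to be extended, which is why the staging-directory write is required before a host is reported.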
