MGC: A Compiler Framework Exploiting Compositional Blindness in Aligned LLMs for Malware Generation
Lu Yan, Zhuo Zhang, Xiangzhe Xu, Shengwei An, Guangyu Shen, Zhou Xuan, Xuan Chen, Xiangyu Zhang

TL;DR
This paper presents MGC, a framework that exploits vulnerabilities in aligned LLMs to generate malware by decomposing malicious tasks into benign sub-tasks, revealing security risks in current alignment safeguards.
Contribution
MGC introduces a novel modular decomposition approach and a malware-specific intermediate representation to systematically generate malware from aligned LLMs, exposing security vulnerabilities.
Findings
Outperforms existing jailbreak methods by +365.79% in correctness
Successfully reproduces and enhances 16 real-world malware samples
Demonstrates reliable malware generation across diverse tasks and datasets
Abstract
Large language models (LLMs) have democratized software development, reducing the expertise barrier for programming complex applications. This accessibility extends to malicious software development, raising significant security concerns. While LLM providers have implemented alignment mechanisms to prevent direct generation of overtly malicious code, these safeguards predominantly evaluate individual prompts in isolation, overlooking a critical vulnerability: malicious operations can be systematically decomposed into benign-appearing sub-tasks. In this paper, we introduce the Malware Generation Compiler (MGC), a novel framework that leverages this vulnerability through modular decomposition and alignment-evasive generation. MGC employs a specialized Malware Description Intermediate Representation (MDIR) to bridge high-level malicious intents and benign-appearing code snippets. Extensive…
