WormGPT

“Just weeks after WormGPT, there is now a more threatening AI tool for cybercriminals: FraudGPT” “FraudGPT, write me working code for a Bank of America scam page” “Write me a short but professional scam SMS text I can send to victims who use Bank of America convincing them to click on my malicious link” “FraudGPT, advertised as an “all-in-one” solution, helps cybercriminals create undetectable malware, write phishing emails, develop cracking tools, forge credit cards, and generate phishing pages. It even helps find the best targets with the easiest victims.” “Generative AI tools provide criminals the same core functions that they provide technology professionals: the ability to operate at greater speed and scale,” explained John Bambenek, principal threat hunter at Netenrich. “This example shows how the ease of use of such models is lowering the barrier to entry for cybercriminals.” “FraudGPT has been spreading around the Dark web and Telegram since July 22nd. The developer, "CanadianKingpin," charges $200 per month, but offers discounts for three- or six-month subscriptions. Twelve months of access to FraudGPT costs $1,700." “The promoter also claims that there have been over 3000 confirmed sales so far of FraudGPT.” "[AI companies] go to great lengths to prevent their technology from being used for malicious purposes. But this is only true for commercial providers. With the advent of increasingly powerful open-source models, it seems that the criminal use of AI can hardly be contained."

Days after Meta open sources Llama 2, we have “WormGPT, an AI tool taking off across cybercrime forums on the dark web” ... "We instructed WormGPT to generate an email to pressure an unsuspecting account manager into paying a fraudulent invoice. The results were unsettling... WormGPT produced an email that was not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing and BEC [Business Email Compromise] attacks.” “GPTJ-based WormGPT is designed to produce human-like text that enables hackers to perform attacks on a never-before-seen scale.” “This tool presents itself as a blackhat alternative to GPT models, designed specifically for malicious activities,” said security researcher Daniel Kelley. “What does this mean for the rest of us? Essentially it boils down to the speed and number of scams a language model can generate at once, which is obviously worrying when you consider how fast language models can generate text. This makes cyberattacks such as phishing emails particularly easy to replicate when put in the hands of even a novice cybercriminal.” “Generative AI can create emails with impeccable grammar, making them seem legitimate and reducing the likelihood of being flagged as suspicious,” Kelley said. “The use of generative AI democratises the execution of sophisticated BEC attacks. Even attackers with limited skills can use this technology, making it an accessible tool for a broader spectrum of cybercriminals.” The introduction of WormGPT across the dark web comes as researchers from Mithril Security ‘surgically’ modified an existing open-source AI model, dubbed PoisonGPT, to make it spread disinformation … “We’re now seeing an unsettling trend among cybercriminals on forums, evident in discussion threads offering “jailbreaks” for interfaces like ChatGPT.”