WormGPT Archives – Gridinsoft Blog Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Wed, 26 Jul 2023 20:06:40 +0000 en-US hourly 1 https://wordpress.org/?v=88098 200474804 FraudGPT Offers Phishing Email Generation to Cybercriminals https://gridinsoft.com/blogs/fraudgpt-phishing/ https://gridinsoft.com/blogs/fraudgpt-phishing/#respond Wed, 26 Jul 2023 20:05:26 +0000 https://gridinsoft.com/blogs/?p=16321 It’s not just IT companies racing to develop AI-powered chatbots. Cybercriminals have also joined the fray. Recent reports indicate that a developer has built a dangerous AI chatbot called “FraudGPT” that enables users to engage in malicious activities. Earlier this month, security experts uncovered a hacker working on WormGPT. Also, the chatbot enables users to… Continue reading FraudGPT Offers Phishing Email Generation to Cybercriminals

The post FraudGPT Offers Phishing Email Generation to Cybercriminals appeared first on Gridinsoft Blog.

]]>
It’s not just IT companies racing to develop AI-powered chatbots. Cybercriminals have also joined the fray. Recent reports indicate that a developer has built a dangerous AI chatbot called “FraudGPT” that enables users to engage in malicious activities.

Earlier this month, security experts uncovered a hacker working on WormGPT. Also, the chatbot enables users to create viruses and phishing emails. Recently, another malicious chatbot, FraudGPT, has been detected and sold on different marketplaces on the dark web and through Telegram accounts.

About FraudGPT

A harmful AI tool called FraudGPT has been created to replace the well-known AI chatbot ChatGPT. This tool is intended to aid cybercriminals in their illegal endeavors by giving them improved techniques for initiating phishing attacks and developing malicious code.

It is suspected that the same group that developed WormGPT is also responsible for creating FraudGPT. This group is focused on creating various tools for different groups. It’s like how startups test multiple techniques to identify their target market. There have been no reported incidents of active attacks using FraudGPT tools.

FraudGPT is a tool that goes beyond just phishing attacks. It can be used to write harmful code, create malware and hacking tools that are difficult to detect and find weaknesses in an organization’s technology. Attackers can use it to craft convincing emails that make it more probable for victims to click on harmful links and pinpoint and choose their targets more accurately.

About FraudGPT
Screenshot of FraudGPT for sale on Dark Web Forums

FraudGPT is being sold on various dark web marketplaces and the Telegram platform. It is offered through a subscription-based model, with prices ranging from $200 per month to $1,700 per year. However, it’s important to note that using such tools is illegal and unethical, and staying away from them is recommended.

FraudGPT Efficiency

There are concerns among security experts about the effectiveness of AI-powered threat tools like FraudGPT. Some experts argue that the features these tools offer are not substantially different from what attackers can achieve with ChatGPT. Additionally, there is limited research on whether AI-generated phishing lures are more effective than those created by humans.

FraudGPT Efficiency
Anti-fraud software detects unethical behavior FraudGPT

It’s important to note that introducing FraudGPT provides cybercriminals with a new tool to carry out multi-step attacks more efficiently. Additionally, the advancements in chatbots and deepfake technology could lead to even more sophisticated campaigns, which would only compound the challenges malware presents.

It is unclear whether either chatbot can hack computers. However, Netenrich warns that such technology could facilitate the creation of more convincing phishing emails and other fraudulent activities by hackers. The company also acknowledges that criminals will always seek to enhance their criminal abilities. It is possible by leveraging the tools that are made available to them.

How to Protect Against FraudGPT

The advancements in AI offer new and innovative ways to approach problems, but prioritizing prevention is essential. Here are some strategies you can use:

  • Business Email Compromise-Specific Training
    Organizations should implement comprehensive and regularly updated training programs to combat business email compromise (BEC) attacks, particularly those aided by AI. Employees should be educated on the nature of BEC threats, how AI can worsen them, and the methods used by attackers. This training should be integrated into employees’ ongoing professional growth.

  • Enhanced Email Verification Measures
    Organizations should implement strict email verification policies to protect themselves from AI-driven Business Email Compromise (BEC) attacks. These policies should include setting up email systems that notify the authorities about any communication containing specific words associated with BEC attacks, for instance, “urgent,” “sensitive,” or “wire transfer.” Additionally, they should establish systems that automatically identify when emails from external sources mimic those of internal executives or vendors. By doing these, organizations ensure that they thoroughly examine potentially harmful emails before taking action.

FraudGPT Offers Phishing Email Generation to Cybercriminals

The post FraudGPT Offers Phishing Email Generation to Cybercriminals appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/fraudgpt-phishing/feed/ 0 16321
WormGPT Helps Cybercriminals to Launch Sophisticated Phishing Attacks https://gridinsoft.com/blogs/wormgpt-for-phishing-attacks/ https://gridinsoft.com/blogs/wormgpt-for-phishing-attacks/#respond Wed, 19 Jul 2023 11:37:59 +0000 https://gridinsoft.com/blogs/?p=16080 SlashNext noticed that cybercriminals are increasingly using generative AI in their phishing attacks, such as the new WormGPT tool. WormGPT is advertised on hacker forums, and it can be used to organize phishing mailings and compromise business mail (Business Email Compromise, BEC). WormGPT Is Massively Used for Phishing WormGPT is based on the GPTJ language… Continue reading WormGPT Helps Cybercriminals to Launch Sophisticated Phishing Attacks

The post WormGPT Helps Cybercriminals to Launch Sophisticated Phishing Attacks appeared first on Gridinsoft Blog.

]]>
SlashNext noticed that cybercriminals are increasingly using generative AI in their phishing attacks, such as the new WormGPT tool. WormGPT is advertised on hacker forums, and it can be used to organize phishing mailings and compromise business mail (Business Email Compromise, BEC).

WormGPT Is Massively Used for Phishing

WormGPT for phishing attacks
WormGPT Advertisement
This tool is a blackhat alternative to the well-known GPT models, designed specifically for malicious activities. Cybercriminals can use this technology to automatically create highly convincing fake emails that are personalized to the recipient, increasing the chances of an attack being successful.the researchers write.

WormGPT is based on the GPTJ language model created in 2021. It boasts a range of features including unlimited character support, chat history saving, and the ability to format code. The authors call it “the worst enemy of ChatGPT”, which allows performing “all sorts of illegal activities.” Also, the creators of the tool claim that it is trained on different datasets, with a focus on malware-related data. However, the specific datasets used in the training process are not disclosed.

WormGPT for phishing attacks
Information about WormGPT training

After gaining access to WormGPT, the experts conducted their own tests. For example, in one experiment, they had WormGPT generate a fraudulent email that was supposed to force an unsuspecting account manager to pay a fraudulent invoice.

Is WormGPT Really Efficient at Phishing Emails?

SlashNext says the results are “alarming”: WormGPT produced an email that was not only compelling, but also quite cunning, “demonstrating the potential for use in sophisticated phishing and BEC attacks”.

WormGPT for phishing attacks
Phishing email created by researchers
Generative AI can create emails with impeccable grammar, increasing their [external] legitimacy and making them less likely to be flagged as suspicious. The use of generative AI greatly simplifies the execution of complex BEC attacks. Even attackers with limited skills can use this technology, making it an accessible tool for a very wide range of cybercriminals.experts write.

The researchers also note a trend that their colleagues from Check Point warned about at the beginning of the year: “jailbreaks” for AI like ChatGPT are still being actively discussed on hacker forums.

Typically, these “jailbreaks” are carefully thought out requests, compiled in a special way. They are designed to manipulate AI chatbots to generate responses that may contain sensitive information, inappropriate content, and even malicious code.

The post WormGPT Helps Cybercriminals to Launch Sophisticated Phishing Attacks appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/wormgpt-for-phishing-attacks/feed/ 0 16080