Beware! WormGPT can launch Cyber Attacks easily

With the popularity of generative artificial intelligence (AI), it’s no surprise that malicious individuals have started using this technology for cybercrime. Recently, a new cybercrime tool called WormGPT, based on generative AI, has been advertised on underground forums as a way for adversaries to launch advanced phishing and business email compromise (BEC) attacks.

Source: Infosec

“WormGPT is positioned as a blackhat alternative to well-known models like ChatGPT, specifically designed for malicious purposes. This tool allows cybercriminals to automate the creation of highly convincing fake emails that are personalized to the recipient, increasing the success rate of their attacks,” says Daniel Kelly.

Is it worth the hype?

The software’s author claims that WormGPT is the biggest enemy of ChatGPT and boasts about its ability to facilitate illegal activities. Tools like WormGPT can be powerful weapons in the wrong hands, especially as platforms like ChatGPT and Google Bard actively combat the abuse of large language models for generating phishing emails and malicious code.

Source: Slashnext

According to a recent report by Check Point, Bard’s anti-abuse measures in cybersecurity are less stringent than ChatGPT. Consequently, it’s easier to generate malicious content using Bard’s capabilities.

In February, an Israeli cybersecurity firm revealed how cybercriminals bypassed ChatGPT’s restrictions by exploiting its API. They traded stolen premium accounts and sold brute-force software to hack into ChatGPT accounts using extensive lists of email addresses and passwords.

The fact that WormGPT operates without ethical boundaries highlights the risks associated with generative AI. Even novice cybercriminals can launch attacks quickly and at scale, even if they lack technical expertise.

The sales copy language for WormGPT is not that different from we advise clients.

If they are in the Microsoft ecosystem use appropriate subscriptions.

Criminals are advising other criminals to invest in O365.

Either way Microsoft is the winner. pic.twitter.com/ptoKhhzIzE

— Peter Skaronis (@Peter_Skaronis) July 15, 2023

To exacerbate the situation, threat actors promote “jailbreaks” for ChatGPT, manipulating the tool into generating output that involves disclosing sensitive information, producing inappropriate content, or executing harmful code.

In a nutshell

Generative AI can create emails with impeccable grammar, making them appear legitimate and reducing the likelihood of being flagged as suspicious. 

This democratizes the execution of sophisticated BEC attacks, as even attackers with limited skills can utilize this technology, making it accessible to a broader spectrum of cyber criminals.

These developments underscore the importance of addressing the potential misuse of generative AI in cybercrime and the need for enhanced security measures to protect against such attacks.