Threat Insight: WormGPT Chatbot Advertised to Aid Cybercriminals

The artificial intelligence (AI) trends in 2023 have finally reached the depths of underground forums. On July 14, 2023, a member of Exploit Forum advertised access to a hosted version of WormGPT, an alternative to OpenAI’s ChatGPT and Google’s Bard. WormGPT, initially launched in June 2023, differs from other generative AI chatbots by not limiting or censoring its output to follow ethical usage. This lack of restrictions allows malicious users to submit prompts that rapidly generate text and code, which could aid in malware development or phishing attacks. WormGPT version 2 was initially advertised for a subscription of €550 (roughly $618) per year, opening the door to AI-based hacking tools to a broader range of malicious actors.

Tools like WormGPT pose an increased risk to MSPs and SMBs due to their ability to reduce and remove errors common in phishing attacks, such as misspelled words and grammar issues. These language errors often found in phishing prompts written by non-native speakers are more easily identified by targeted end users, making them less likely to fall for the attack. AI-based hacking tools also decrease the skill or experience an attacker needs, further expanding the number of potential actors utilizing this technique. It is highly recommended that users engage in phishing-related training and that service providers maintain or implement email verification controls to increase the likelihood of preventing a successful email-based attack.

This topic was sourced from SlashNextThe Hacker News and underground forums.

-Kaseya Threat Management Team

Security Advisories Archives
RSS Feed

To View the RSS Feed of our advisory postings, please input this link into your feed reader.