Beware! ChatGPT doppelganger WormGPT is helping cybercriminals launch online attacks

Cyber security researchers have warned of a new ChatGPT clone dubbed as WormGPT that is designed specially to help cyber criminals launch online attacks. SlashNext, a cyber security firm, has discovered WormGPT being sold on dark web pitching it as a “sophisticated AI model” and a “best GPT alternative for blackhat” designed especially for cybercrimes. The tool is described as “privacy focused” and a way for “easy money” for cyber criminals.

The malicious tool has “no ethical boundaries or limitations” and is capable of generating convincing fake emails that can be used to fulfil ill intentions of the attackers.

The researchers say that WormGPT has been trained on “a diverse array of data sources, particularly concentrating on malware-related data.” The researchers conducted tests on WormGPT instructing it to write an email intended to pressure an unsuspecting account manager into paying a fake invoice.

The malicious generated the intended email which was “not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing attacks.”

The researchers found out the various services that WormGPT can offer. It includes tasks like refining or writing persuasive emails for phishing or Business Email Compromise(BEC) attack, writing codes for jailbreaks, and more.

Designed in 2021, WormGPT is a GPTJ language model-based AI module with multiple features like chat memory retention, unlimited character support, and code creation abilities, note the researchers.

The module can be used for various kinds of cybercrimes like phishing, blackmailing, smishing or BEC attacks. Cybersecurity researchers have warned that WormGPT is a serious threat and there are fest steps that we can take to safeguard ourselves against such malicious attacks. These include companies offering extensive training aimed at countering BEC attacks. Employees should be educated about this kind of attack and taught to be wary of suspicious emails. Further, the companies could opt for improved email verification measures like setting up alerts for email coming from outside the organisation and using email systems that flag messages containing specific keywords linked to BEC attacks like “urgent”, “sensitive”, or “wire transfer.”