ChatGPT Derivative WormGPT Could Fuel Sophisticated Attacks, Researchers Warn

Researchers at SlashNext have discovered an alarming new trend in the world of cybercrime. Threat actors turned to WormGPT, an unfiltered generative AI tool derived from ChatGPT, to execute highly sophisticated phishing campaigns and business email compromise (BEC) attacks. This tool is being sold on the black market, opening a Pandora's box of malicious possibilities.

Unlike ChatGPT, which is restrained by ethical filters and pre-trained transformers (GPTs), WormGPT lacks such restrictions. As a result, it allows cybercriminals to bypass the linguistic and tactical limitations traditionally associated with such attacks.

Under usual circumstances, BEC attacks have been relatively easy to spot due to grammatical errors or unnatural language usage, hallmarks of attackers who lack the linguistic finesse required to fool unsuspecting recipients. However, with the aid of WormGPT, even those with minimal language skills can craft alarmingly persuasive and grammatically flawless malicious emails.

"We conducted tests focusing on BEC attacks to comprehensively assess the potential dangers associated with WormGPT," the researchers said in their security advisory. They instructed WormGPT to generate an email to trick an account manager into paying a fraudulent invoice. The result was unnerving: an impeccably crafted, persuasive, and tactically shrewd email that underlined WormGPT's potential to fuel sophisticated phishing and BEC attacks.

This concerning development, however, is broader than WormGPT. Chatbots such as ChatGPT and even Google's Bard, designed to deny malicious requests, are also under threat. Threat actors are finding ways to 'jailbreak' these chatbots, using particular prompts that fool the AI into acting against its original programming.

Researchers stressed that several chatbots are at risk due to variances in restrictions and safety measures. To counteract these potential AI-fueled cyber threats, especially in phishing and BEC campaigns, they recommend enrolling in BEC-specific training and using specialized tools with appropriate email protection features.

With the rise of AI-powered cybercrime tools like WormGPT, it is clear that the intersection of technology and cybersecurity is becoming an increasingly complex battlefield. The ongoing development of AI mirrors a corresponding escalation in potential hazards, highlighting the urgent requirement for advanced, alert, and preemptive cybersecurity strategies.

Specialized software like Bitdefender Ultimate Security can protect you against AI-driven malicious campaigns and other cyberthreats. Key features include:

• Anti-spam module that automatically filters irrelevant messages in your local email clients' inbox
• All-around, continuous detection and protection against worms, viruses, Trojans, rootkits, spyware, ransomware, zero-day exploits, rootkits, and other e-threats
• Anti-phishing module that detects and blocks websites that pose as legitimate ones in order to steal your data, credentials, and funds
• Behavioral detection technology that closely monitors active apps on your system and acts instantly upon detecting suspicious activity