Fake Access To Malicious AI Tool ‘WormGPT’ For Sale On The Dark Web
4 mins read

Fake Access To Malicious AI Tool ‘WormGPT’ For Sale On The Dark Web

It’s a malicious version of ChatGPT that is called “WormGPT” lacks specific limitations, making it an effective tool for cybercriminals who want to carry out attacks.

Kaspersky’s Digital Footprint Intelligence experts have recently made a concerning discovery regarding a cluster of websites operating on the shadow internet. These websites seem to be offering counterfeit access to a potentially dangerous AI tool known as WormGPT. What makes this discovery even more alarming is the fact that these sites exhibit characteristics reminiscent of phishing attempts. They vary in design, pricing structures, accepted currencies for payments, and, in some cases, even demand upfront payments to access a trial version of the tool. While this development doesn’t pose an immediate threat to users, it serves as a stark reminder of the growing popularity of illicit alternatives to legitimate GPT models. It also underscores the critical importance of bolstering cybersecurity measures to protect against such emerging threats.

WormGPT: The Dark web Version of ChatGPT

Artificial intelligence has become an integral part of cybercriminal activity, which is a concerning development. Deep within the darknet, various language models tailored for nefarious purposes, including business email compromise (BEC), malware creation, and phishing attacks, have emerged. Among these AI models, there is one known as WormGPT, a variant of ChatGPT devoid of the constraints found in its legitimate counterpart. This makes WormGPT a potent tool for cybercriminals, especially in executing sophisticated attacks such as BEC.

Also Read | How to Defend Against WoofLocker Scam?

Exploiting a well-known tactic that leverages the popularity of products and brands, WormGPT has not escaped the attention of phishers and scammers. Within the hidden corners of darknet forums and illicit Telegram channels, Kaspersky’s experts have uncovered a disturbing trend. They’ve found websites and advertisements offering fraudulent access to this malicious AI tool, specifically targeting other cybercriminals, in what appears to be a classic case of phishing.

These deceptive websites exhibit significant variations in their presentation and pricing structures, all designed to mimic typical phishing pages. Payment methods accepted to range from cryptocurrencies, originally proposed by the creator of WormGPT, to conventional credit cards and bank transfers.

“In the intricate world of the dark web, definitively distinguishing malicious resources remains a daunting challenge. However, there are numerous indirect clues strongly suggesting that the identified websites are indeed phishing pages. It is a well-established fact that cybercriminals often deceive each other. Nevertheless, the recent surge in phishing attempts indicates the growing appeal of these malicious AI tools within the cybercriminal community. These models, to some extent, enable the automation of attacks, highlighting the increasing need for trusted and robust cybersecurity solutions,” explains Alisa Kulishenko, a digital footprint analyst at Kaspersky.

Also Read | Protecting ML models will secure the supply chain, JFrog releases ML security features 

Cybercriminals’ activities in the shadow segment of the internet pose the following security threats:

  • Kaspersky Digital Footprint Intelligence allows security analysts to explore an adversary’s view of their company resources and discover potential attack vectors quickly. This also helps raise awareness about existing threats from cybercriminals in order to adjust your defenses accordingly or take counter and elimination measures timely.
  • You should choose an endpoint security solution with behavior-based detection and anomaly control capabilities, such as Kaspersky Endpoint Security for Business.
  • High-profile attacks can be combated with dedicated services. Kaspersky Managed Detection and Response can identify and stop intrusions at their early stages before the perpetrators are able to accomplish their goals.  In the event that you encounter an incident, Kaspersky Incident Response will help you respond and minimize the consequences, for example, identifying compromised information nodes and protecting the infrastructure from similar attacks in the future.

Leave a Reply

Your email address will not be published. Required fields are marked *