Official forum for Utopia Community
You are not logged in.
Threat actors are promoting FraudGPT, an artificial intelligence (AI) tool that generates cybercrime, on various dark web marketplaces and Telegram channels, following in the footsteps of WormGPT.
This AI bot is only intended to be used for offensive activities like spear phishing emails, cracking tools, carding, etc. Rakesh Krishnan, a security researcher at Netenrich, stated in a report released on Tuesday.
The cybersecurity company claimed that the subscription costs $200 per month (or $1,000 for six months and $1,700 for a year) and has been available since at least July 22, 2023.
The actor, who uses the online alias CanadianKingpin, declares that the alternative to Chat GPT is "designed to provide a wide range of exclusive tools, features, and capabilities tailored to anyone's individuals with no boundaries.".
The tool could be used to write malicious code, produce undetectable malware, discover leaks, and find vulnerabilities, the author adds. There have also been more than 3,000 verified sales and reviews, he adds. At this time, it is unknown precisely which large language model (LLM) was used to create the system.
FraudGPT.
The change occurs at a time when threat actors are increasingly capitalizing on the introduction of OpenAI ChatGPT-like AI tools to create new adversarial variants that are specifically designed to encourage all forms of cybercriminal activity without any limitations.
Such tools, in addition to elevating the phishing-as-a-service (PhaaS) model, could serve as a jumping-off point for unskilled actors looking to launch convincing phishing and business email compromise (BEC) attacks at scale, resulting in the theft of confidential data and unauthorized wire transfers.
"Organizations can develop ChatGPT (and other tools) with ethical safeguards, but it isn't a difficult feat to reimplement the same technology without those safeguards," Krishnan said.
"Finding these quick-moving threats before phishing emails can evolve into ransomware or data exfiltration requires the implementation of a defense-in-depth strategy using all the security telemetry available for fast analytics. ".
Offline