A new tool called FraudGPT has been launched by cybercriminals which pose a serious threat to both individuals and businesses.
This black-hat-based tool is capable of executing social engineering and Business Email Compromise (BEC) attacks, making it a real cause for concern.
The recent activities on the Dark Web Forum show the emergence new malicious AI tool dubbed FraudGPT, active since July 22, 2023.
According to a report shared by the Netenrich threat research team, cybercriminals are currently selling a tool on various Dark Web marketplaces and the Telegram platform.
FraudGPT: Dark Side AI Tool
The threat actors advertised that the “FraudGPT craftiness would play a vital role in business email compromise (BEC) phishing campaigns on organizations.”
With FraudGPT, attackers could create fewer emails that might tempt recipients into clicking on a malicious link, potentially making the future safer.
This tool has been created solely for offensive purposes and the individuals responsible for it are charging $200 per month or up to $1,700 per year.
The following are the offensive features of the tool;
- Write malicious code
- Create undetectable malware
- Find non-VBV bins
- Create phishing pages
- Create hacking tools
- Find groups, sites, markets
- Write scam pages/letters
- Find leaks, vulnerabilities
- Learn to code/hack
- Find cardable sites
- Escrow available 24/7
- 3,000+ confirmed sales/reviews
The individual responsible for fraudGPT had created a Telegram channel a month prior to the release of the tool.
He confidently affirms his status as a verified vendor on numerous underground dark web marketplaces, such as EMPIRE, WHM, TORREZ, WORLD, ALPHABAY, and VERSUS.
Earlier to FraudGPT, yet another tool dubbed WormGPT was launched by threat actors aiming to offer the following services;
- Generate advanced phishing emails
- Launch BEC attacks
The WormGPT is an unrestricted variant of ChatGPT since it lacks ethical boundaries or limitations, unlike ChatGPT. WormGPT highlights the significant risk of generative AI.
Just after its launch, WormGPT’s Telegram channel gained more than 5,000 active subscribers in just a week, showing threat actors’ rapid adoption of the tool to perform illicit activities and attacks.
Defending against AI-driven BEC attacks demands a multi-layered strategy, blending tech solutions and user awareness.
Here below, we have mentioned the recommendations offered by the cybersecurity analysts:-
- AI Detection Tools
- Email Authentication Protocols
- User Training and Awareness
- Email Filtering and Whitelisting