Wednesday, December 6, 2023

FraudGPT: A New Dark Side AI Tool For Cyber Criminals

A new tool called FraudGPT has been launched by cybercriminals which pose a serious threat to both individuals and businesses.

This black-hat-based tool is capable of executing social engineering and Business Email Compromise (BEC) attacks, making it a real cause for concern.

The recent activities on the Dark Web Forum show the emergence new malicious AI tool dubbed FraudGPT, active since July 22, 2023.

According to a report shared by the Netenrich threat research team, cybercriminals are currently selling a tool on various Dark Web marketplaces and the Telegram platform.

FraudGPT: Dark Side AI Tool

The threat actors advertised that the “FraudGPT craftiness would play a vital role in business email compromise (BEC) phishing campaigns on organizations.”

With FraudGPT, attackers could create fewer emails that might tempt recipients into clicking on a malicious link, potentially making the future safer.

This tool has been created solely for offensive purposes and the individuals responsible for it are charging $200 per month or up to $1,700 per year.

The following are the offensive features of the tool;

  • Write malicious code
  • Create undetectable malware
  • Find non-VBV bins
  • Create phishing pages
  • Create hacking tools
  • Find groups, sites, markets
  • Write scam pages/letters
  • Find leaks, vulnerabilities
  • Learn to code/hack
  • Find cardable sites 
  • Escrow available 24/7
  • 3,000+ confirmed sales/reviews

The individual responsible for fraudGPT had created a Telegram channel a month prior to the release of the tool.

He confidently affirms his status as a verified vendor on numerous underground dark web marketplaces, such as EMPIRE, WHM, TORREZ, WORLD, ALPHABAY, and VERSUS.

Earlier to FraudGPT, yet another tool dubbed WormGPT was launched by threat actors aiming to offer the following services;

  • Generate  advanced phishing emails
  • Launch BEC attacks

The WormGPT is an unrestricted variant of ChatGPT since it lacks ethical boundaries or limitations, unlike ChatGPT. WormGPT highlights the significant risk of generative AI.

Just after its launch, WormGPT’s Telegram channel gained more than 5,000 active subscribers in just a week, showing threat actors’ rapid adoption of the tool to perform illicit activities and attacks.


Defending against AI-driven BEC attacks demands a multi-layered strategy, blending tech solutions and user awareness.

Here below, we have mentioned the recommendations offered by the cybersecurity analysts:-

  • AI Detection Tools
  • Email Authentication Protocols
  • User Training and Awareness
  • Email Filtering and Whitelisting

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.


Latest articles

BlueNoroff: New Malware Attacking MacOS Users

Researchers have uncovered a new Trojan-attacking macOS user that is associated with the BlueNoroff APT...

Serpent Stealer Acquires Browser Passwords and Erases Intrusion Logs

Beneath the surface of the cyber realm, a silent menace emerges—crafted with the precision...

Doppelgänger: Hackers Employ AI to Launch Highly sophistication Attacks

It has been observed that threat actors are using AI technology to conduct illicit...

Kali Linux 2023.4 Released – What’s New!

Kali Linux 2023.4, the latest version of Offensive Security's renowned operating system, has been...

Trickbot Malware Developer Pleads Guilty & Faces 35 Years in Prison

A 40-year-old Russian national, Vladimir Dunaev, pleaded guilty for developing and deploying Trickbot malware....

ICANN Launches RDRS to Assist Law Enforcement Agencies to Discover Private Info

ICANN is a non-profit organization that is responsible for coordinating the global internet's-DNSIP address...

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles