WormGPT – A ChatGPT Themed Hacking Tool Used to Launch Cyber Attack

WormGPT, a black-hat-based tool has been recently launched by cybercriminals and has the potential to conduct various social engineering as well as Business Email Compromise (BEC) attacks. This tool has no limitations towards its use and has no boundaries.

The use of generative AI has seen a remarkable reach in recent times. With the release of ChatGPT in November 2022, there have been several AI tools created and refined for multiple purposes. However, here comes a time in which a new AI has been released specifically designed for Black Hats.

Business email compromise, commonly referred to as CEO fraud or whaling, attacks businesses by impersonating senior executives or reliable partners.

BEC Attacks Revolutionised by WormGPT

As per reports, threat actors have been using ChatGPT and other AI-based tools for generating malicious email that seems legitimate enough to convince an employee in giving sensitive information. 

In a forum of cybercriminal discussions, there has been evidence that threat actors rely on ChatGPT for composing BEC emails. Even hackers with low fluency in other languages can use these AI-generative emails for conducting such attacks.

Another discussion mentioned “Jailbreaks” for tools like ChatGPT. These are specially crafted prompts that can make ChatGPT give out sensitive information beyond the scope of its use. It can even provide inappropriate content or generate harmful code.

Jailbreak discussion (Source: Slashnext)

WormGPT

WormGPT was also found on a cybercriminal discussion forum, which was mentioned to be specially designed as a blackhat alternative to other GPTs. It is designed with GPTJ (Generative Pre-trained Transformer-J) language models with a range of features and code formatting capabilities.

WormGPT

In an experiment conducted with WormGPT where it was asked to generate a BEC email for pressurizing an account manager for paying a fraudulent invoice. The results were extremely harmful since they generated a convincing, grammatical error-free, and persuasive email which would convince any employee.

It is recommended for organizations train their employees about these kinds of phishing emails and have appropriate email filters in place for preventing such AI-generative email-based attacks.

Also Read:

https://cybersecuritynews.com/burpgpt
Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

3 hours ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

2 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

2 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

2 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

2 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

3 days ago