It was only a matter of time before the famous artificial intelligence chatbot ChatGPT was imitated for malicious purposes. Such a tool, known as WormGPT, is now on the market. On July 13, researchers from the cybersecurity company SlashNext published a blog post revealing the discovery of this tool now for sale on a hacker forum.
According to its promoters, the WormGPT project aims to be a black “alternative” to ChatGPT. It must make it possible to “do all kinds of illegal things and easily sell them online in the future”. SlashNext gained access to the tool, described as an artificial intelligence module based on the GPTJ language model. WormGPT was obviously trained using data sources such as malware information.
Without ethical limits
WormGPT is thus described as being “similar to ChatGPT but without ethical limits”. Developed by OpenAI, an artificial intelligence research company, ChatGPT is a natural language model capable of amazing answers, which was fed by a gigantic database. However, to prevent abuse, its designers have implemented restrictions on its use: in particular, it refuses to program malicious software.
WormGPT obviously has none of these barriers. SlashNext researchers were thus able to use this tool to “generate an email intended to trick an unsuspecting account manager into paying a fraudulent invoice”. The team was surprised at how well the language model performed at this task, calling the result “remarkably persuasive [et] also strategically astute”.
$60 to $700 Subscription for Cyber Criminals
According to posts seen by ZDNET on a Telegram channel launched to promote the tool, the developer is developing a subscription model for access ranging from $60 to $700. A member of the channel, “darkstux”, claims that there are already more than 1,500 WormGPT users.
Everything suggests that WormGPT is unfortunately only the first of a new line of malicious tools. There is no doubt that where there is money to be made, cybercriminals will take the lead. Natural language models could turn easy-to-avoid phishing-based scams into sophisticated operations that are more likely to succeed.
New challenge for police services
The European police agency Europol also called in a report published a few months ago to monitor the development of this kind of natural language models. “This presents a new challenge for law enforcement, as it will be easier than ever for malicious actors to carry out criminal activities without the necessary prior knowledge,” she said.
Not to mention that ChatGPT itself can be diverted from its intended uses to be used for illegal purposes. Because the conversational agent can, for example, write professional emails, cover letters, CVs, order forms, etc. On its own, it can eliminate some of the most common indicators of a phishing email, misspellings and grammar issues.
Source: “ZDNet.com”