views
When ChatGPT was developed by OpenAI in November last year, it took the world by storm. The AI-powered language model not only answered queries and provided information, but also eased doing task that took days like writing tasks, analysing datasets and writing codes.
While the OpenAI chatbot began to be used by millions worldwide, Google launched an alternative Bard, while Microsoft came up with AI-powered search engine Bing AI or the new Bing. Many other alternatives came out offering similar and more advanced capabilities.
However, a new AI tool, termed as malicious cousin of ChatGPT, was launched recently and is being promoted for sale on a hacker forum.
WormGPT is based on the GPTJ language model, which was developed in 2021. It reportedly has a range of features, including unlimited character support, chat memory retention and code formatting capabilities.
Our WormGPT tool in action ????Buy/Questions – https://t.co/XXv2dm4UCC#WormGPT #AI #CyberSecurity #ChatGPT #OpenAI #WormAI #Worm #ArtificialIntelligence #Malware pic.twitter.com/toBb8NfU8D
— WormGPT (@wormgpt) July 17, 2023
Researchers from cybersecurity firm SlashNext said the cybercrime tool is a blackhat “alternative” to ChatGPT and “lets you do all sorts of illegal stuff and easily sell it online in the future.”
Why is it Termed Malicious?
SlashNext has confirmed that the “sophisticated AI model” was developed purely with malevolent intent.
While other AI tools like ChatGPT has a set of rules in place to prevent abuse of the chatbot and unethical use, WormGTP has no ethical boundaries or limitations and providing hackers with a method to conduct large-scale attacks.
“This tool presents itself as a blackhat alternative to GPT models, designed specifically for malicious activities. WormGPT was allegedly trained on a diverse array of data sources, particularly concentrating on malware-related data,” the report on SlashNext read.
In one of the experiments conducted by researchers at Slashnet, they instructed WormGPT to generate an email to pressure an account manager into paying a fraudulent invoice.
The AI tool produced an email “that was not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing and BEC attacks.”
What are the threats from WormGPT?
Here are some of the potential threats from the AI tool:
- It is used for cybercrimes likes hacking, data theft and other illegal activities.
- It has made it easy to re-create phishing emails, so it’s important to be cautious when going through your inbox.
- The AI tool has the potential to craft malware to set up phishing attacks.
- It also equips hackers with the means to instigate sophisticated cyberattacks.
- It facilitates cybercriminals in executing illegal activities effortlessly.
Does WormGPT has any ethical constraints?
The AI tool doesn’t have any ethical constraints. It is in stark contrast to other GPT models like ChatGPT or Google’s Bard as it doesn’t have any ethical boundaries or limitations to prevent it against malicious intents.
Reports said that it was cooked up exclusively for malicious deeds, such as malware creation and exploiting vulnerabilities.
The developer of WormGPT is creating a subscription model for access, ranging from $60 to $700. The developer has already managed to get over 1,500 users.
How to Protect Against Malicious Attacks?
Here are some of the things that one needs to keep in mind:
- Awareness on Business email compromise (BEC) attacks and developing training programs to avoid such attacks.
- To protect against AI-driven BEC attacks, organisations should enhance email verification processes and flagging messages containing keywords like “urgent”, “sensitive”, or “wire transfer”.
- Enabling multi-factor authentication for email accounts as it requires multiple pieces of information to log in, such as a password and a dynamic pin, code, or biometric.
- Don’t open any email from unknown parties and if you do, then do not click on links or open attachments.
- Double-check the sender’s email address and verify the sender’s request through a different source.
Comments
0 comment