The dark side of generative artificial intelligence (AI) has reared its head: WormGPT is a new black hat-based tool launched by cybercriminals to help with social engineering and business email compromise (BEC) attacks.
The tool is readily available for download and is being touted as having no limitations towards its use, with no boundaries.
WormGPT is just one of many tools being developed by the cybercrime community. Others include using ChatGPT to mine sensitive information, or “jailbreaking” ChatGPT to use it for malicious purposes.
However, WormGPT is said to have been designed specifically as a black hat alternative to other large language model tools.
Tests using WormGPT have found that it generates extremely convincing BEC mails that could convince employees.
This is an alarming development in the cybersecurity threat landscape, says Anna Collard, senior vice-president: content strategy and evangelist at KnowBe4 Africa. “Cyber criminals have always been one of the first groups to reap the benefits of disruptive technology, resulting in the seemingly never-ending cat-and-mouse game of defenders trying to keep up with the criminals.
“As users, our best defense is to remain even more vigilant and unfortunately not trust anything at face value. A good tactic is to agree on safety code words to verify requests within our closest work, family and friendship circles to not be tricked by impersonation attacks.”
The WormGPT AI model can generate natural language text from a given input or context. It is based on the GPT-3 architecture, but with some modifications and improvements, producing text that is more coherent, diverse and creative than GPT-3.
It can also handle different tasks and domains, such as writing, summarising, translating, answering questions and more. It could soon be seen generating fake news as well as targeted malware attacks.
WormGPT is reasonably easy to download for those with dark web credentials and access to the underground forum where is sold. They can simply pay the subscription fee using cryptocurrency, install and run WormGPT on a computer or cloud service, and interact with WormGPT using commands and prompts.