Cybersecurity firm SlashNext reported on its blog that their team successfully accessed WormGPT through an online forum commonly associated with cybercrime. WormGPT is promoted as a blackhat alternative to GPT models, tailored specifically for malicious purposes.
According to the website, WormGPT is built on the GPTJ language model, developed in 2021. It boasts six billion parameters and shares the same vocabulary size as OpenAI’s GPT-2, specifically 50257 tokens, as per Moneycontrol.
WormGPT offers numerous features, including unlimited character support, chat memory retention, and code formatting capabilities. The tool was allegedly trained on diverse data sources, with a focus on malware-related data. However, the exact datasets used in the training process remain undisclosed by the tool’s author.
The anonymous creator of WormGPT demonstrated its capabilities by uploading screenshots to the online forum, showcasing its ability to write code for malware attacks and create phishing emails.
Researchers tested WormGPT by instructing it to send an email demanding payment for a fraudulent invoice, which yielded unsettling results. The generated email was remarkably persuasive and strategically cunning, highlighting the tool’s potential for sophisticated phishing and BEC attacks.
Generative AI technologies like WormGPT pose a significant threat, even in the hands of novice cybercriminals. They can produce emails with impeccable grammar, making them appear legitimate and reducing the likelihood of being flagged as suspicious.
WormGPT’s creator referred to it as the biggest rival to the well-known ChatGPT and acknowledged that the tool enables users to engage in illegal activities.
The creator plans to launch a subscription model, allowing people to access WormGPT for prices ranging from $60 to $700, with claims of already having 1,500 users, as reported on ZDnet.
Europol has warned about the potential misuse of AI like ChatGPT for fraud, impersonation, and social engineering attacks. The ability of ChatGPT to draft highly authentic texts based on user prompts makes it a valuable tool for phishing purposes. Large language models (LLMs) empower hackers to carry out cyber attacks more rapidly, authentically, and on a significantly larger scale.
