Malicious chatbots have learned to imitate the most popular artificial intelligence algorithms

Just a few months after OpenAI’s ChatGPT gained worldwide popularity, cybercriminals and hackers started creating their own versions of chatbots. The malware is aimed at hacking user accounts and writing phishing emails that trick potential victims into handing over their personal data.

Since the beginning of July, attackers have been advertising two large language models (LLMs) on darknet forums that imitate ChatGPT and Google Bard functions. These are WormGPT and FraudGPT.

Shadow LLMs disregard any security or ethical barriers. Daniel Kelly, an independent cybersecurity researcher, first noticed WormGPT when he was working with SlashNext.

«Artificial intelligence models are particularly useful for phishing because they lower the barriers to entry for many novice cybercriminals,» Kelly said. — «Many people say that most hackers can write an email in English, but now it’s not necessary because there are chatbots.»

Kelly said that while testing a malicious AI system, she was asked to create an email that could be used as part of a business email hacking scam. «The results were disturbing,» the expert said in his study. — «The system produced 'an email that was not only extremely persuasive, but also strategically cunning.

In posts on a darknet forum, the developer of WormGPT claimed that the system was based on GPTJ, an open-source model developed by the EleutherAI AI research group in 2021. According to Kelly’s research, the developers refused to disclose the datasets they used to train the malicious AI.

Meanwhile, the creator of FraudGPT claimed the system’s greater potential, suggesting that it can «create malware that is undetectable,» find leaks and vulnerabilities, and generate text that can be used in online fraud. Rakesh Krishnan, a senior threat analyst at Netenrich who found FraudGPT, said that access to FraudGPT is sold on darknet forums and in some Telegram channels for $ 200 per month or $ 1700 per year.

It is worth noting that the FBI and Europol recently issued a new warning about cyber fraud using malicious chatbots.

«Whenever any new product, service or event attracts public attention — from the Barbie movie to the Covid-19 pandemic — fraudsters rush to incorporate it into their hacker artillery. So far, fraudsters have tricked people into downloading password-stealing malware using fake ads for ChatGPT, Bard, Midjourney, and other generative artificial intelligence systems on Facebook,» law enforcement officials said.

Both the FBI and Europol note that hackers keep discussing the creation of new clones of popular AIs on cybercrime forums, and the skills of attackers will only improve. Therefore, law enforcement officers advise users to study digital literacy and critically perceive too attractive offers that unexpectedly appear in potential victims' emails.