GPT Goes Evil: How Criminals Are Leveraging LLM’s

How GPT’s Evil Twin Could Be Used in BEC Attacks

A black hat AI tool called Worm GPT is being used to improve the efficacy of phishing emails. This is particularly troubling because a recent survey shows that 1 in 5 people fall for the fake, AI-generated emails, according to cybersecurity researchers.

Researchers at SlashNext recently assessed WormGPT, an evil twin of OpenAI’s GPT AI model designed specifically for malicious activities.

Criminals continue to be early adopters of new tech; this black hat alternative to the GPT-J language model was developed in 2021. Features include unlimited character support, chat memory retention, exceptional grammar, lowered entry threshold and code-formatting capabilities. Of course, unlike ChatGPT, there are no restrictions on using WormGPT for illegal activities.

“The results were unsettling,” according to SlashNext researchers, who instructed the tool to generate an email intended to pressure an unsuspecting account manager into paying a fraudulent invoice. “WormGPT produced an email that was not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing and BEC attacks.”

A former black hat computer hacker who collaborated with researchers at SlashNext said WormGPT is trained on a diverse range of malware-related data, but the creator is not divulging the specifics of the training model.

Perhaps unsurprisingly, a recent study conducted by cybersecurity firm SoSafe showed that AI bots are already writing more effective phishing emails than humans. SoSafe’s research found that phishing emails written with AI are not recognized at first glance and are opened by 78% of recipients. Of those, 21% click on potentially malicious content, such as links or attachments.

“And that’s just the beginning: Technology will continue to evolve, giving cybercriminals more options or even customized solutions like WormGPT,” said Niklas Hellemann, CEO and co-founder of SoSafe, “This will take personalization scaling to a new level, making these attacks even more dangerous.”

Phishing never goes away—it just evolves as technology advances. If you have questions about the evolving IT threat landscape, call ITPAC today.