It’s not the robot uprising, but as with most innovative ideas, it hasn’t taken long for users on the dark web to corrupt it.
If you have tried ChatGPT and found that it helped you craft a catchy slogan for an Instagram post or come up with an idea for your latest blog, congratulations. You’ve unlocked some of the potential programs like this offer savvy marketers. However, there’s also a dark side to programs like Google Bard and ChatGPT, and you may be surprised to learn about them.
Let’s take a dive into the murky waters of the dark web and illicit AI chat programs.
Uncovering Dark AI Programs
Unfortunately, illicit and criminal versions of the popular ChatGPT have been doing the rounds on the dark web, and judging by the number of people selling them, they’re doing some big business.
If you’ve ever received a badly written phishing email filled with spelling mistakes, poor grammar, and bad word choices, then you’re already starting to get an idea of why an illicit version of ChatGPT would be so appealing to certain elements in our community.
Recently, KrakenLabs, the threat intelligence team for Outpost24, has spent a considerable amount of time investigating these illicit AI language programs. They identified that two of the biggest sellers were Last and CanadianKingpin12, formerly known as CanadianSmoker12.
The most popular version appeared to be a program named WormGPT. So, what does WormGPT do? Everything the original version of ChatGPT won’t. For most of us, we wouldn’t need any of the services these programs offer, but for people who dedicate their lives to stealing and defrauding the rest of us, this is exactly what they need.
What Is WormGPT?
WormGPT was one of the original corruptions of ChatGPT. It was launched in July 2023, but it’s by no means the only illicit version of ChatGPT. Following along in its wake was a long list of illicit programs, including FraudGPT, DarkGPT, DarkBert, DarkBARD, and many more.
In its advertising, WormGPT offered its users a “new and exclusive bot designed for fraudsters, hackers, spammers, [and] like-minded individuals.” If its description is anything to go by, it will write malicious code, scam pages, build hacking tools, write phishing pages, and design undetectable malware designed to exploit weaknesses in users’ systems.
How much does WormGPT and programs like FraudGPT cost? Prices vary depending on who’s doing the advertising, but a monthly subscription typically starts at $100, and an annual subscription anywhere between $500-700. There’s also a $5,000 private setup if you’ve got a little extra money to throw around on your illegal hacking and scam program.
“Threat actors are constantly looking for new ways or paths to achieve their goals, and the use of artificial intelligence is one of these novelties that could drastically change the underground ecosystem,” said Outpost24, commenting on the findings of its research team. “The cybercrime community will see this new technology either as a business model (developers and sellers) or as products to perpetrate their attacks (buyers).”
What Goes Up Must Eventually Go Down
There’s no denying that phishing scams are becoming more elaborate and challenging to detect. According to AAG:
Phishing is the most common form of online cybercrime, with over 3.4 billion phishing emails sent every day.
Google blocks over 100 million suspected phishing emails every day.
In 2022, almost 50% of emails sent were spam.
A fifth of all phishing emails originate in Russia.
According to Forbes, statistics show that in 2022, there were over 300k phishing victims in the USA, ultimately costing over $52 million. As you can see, scamming people using phishing emails is big business, and that business is fueling the malicious ChatGPT program market.
However, it appears that some programs, including WormGPT, have been victims of their own success. On their dedicated Telegram channel, the creators behind WormGPT announced that it would be ending the sale of the program and have since deleted all their corresponding channels.
Have they had a change of heart, or is the heat ramping up due to an article written by Brian Krebs exposing the brains and names behind the illicit ChatGPT program?
While they claim that too much public visibility was behind shutting down the program, the fact that authorities and security specialists now know who created the program and it was generating too much potential risk for the developers is probably closer to the truth.
Everything Is Fair In Love and War – Including Ripping Off Other Scammers
It turns out that nothing is sacred, and a popular phishing tool is now being ripped off and sold by other scammers, with many people advertising the illicit product on the dark web only to fail to deliver what they’re selling.
“The hype surrounding AI tools has also attracted many scammers who have set up websites and Telegram channels to deceive people into purchasing nonexistent access to those tools,” said Outpost24. “The rise in these scams is even more indicative of these emergent crime-enabling AIs’ popularity and interest from the underground community.”
The Cost of Phishing
Regardless of why they shut down WormGPT, it doesn’t eliminate the fact that these black-hat ChatGPT versions are being produced.
Individuals and businesses need to be extremely vigilant with every email they open, including ones that appear to have been sent internally.
According to Dark Reading, phishing scams can cost some businesses up to $1 million annually. On average, every phishing email takes approximately 25-30 minutes to deal with. If you consider how much you’re paying your IT team, half an hour per phishing email is a considerable cost to incur, especially if you’re receiving or dealing with multiple threat emails every day.
However, suppose an employee is tricked by a phishing email. In that case, the costs start to increase at an exponential rate as the security system of the whole organization needs to be examined and checked for security threats.
Protect Your Business
Here are 10 ways that you can protect your business against phishing scams presented by cyber security consultants Helixstorm:
Install Security Software
Keep Security Software Updated
Protect Remote Workers
Enforce Strict Password Policies
Schedule and Stick to Regular Backups
Use Multi-Factor Authentication
Avoid Emails from Unknown or Untrusted Senders
Beware of Spoofing Scams
Don’t Provide Personal Information or Click Suspicious Links
Be Alert, Vigilant, and Pay Attention
If you have any doubts about an email or invoice, call the person. Or send them an email directly using the directory rather than replying to the email they sent. Unfortunately, while technological improvements can help us, unscrupulous people are using that same technology to take advantage of us.
About 6° Media If you want to create a digital culture for your company that wins over customers' hearts, 6° Media is here to help. Our skilled marketing experts can foster your business's continuous growth at scale and on budget.