WormGPT is an AI tool that creates convincing fake emails for cybercriminals, using personal information and malware to manipulate recipients. It is dangerous and unethical.
This article discusses the use of WormGPT by cybercriminals for phishing and BEC attacks. It also provides tips on protecting oneself from these attacks and highlights the need for ethical safeguards in generative AI.
How WormGPT Generative AI Works
GPT-J is an open-source language model that powers WormGPT AI. It is similar to GPT-3 but free and available to everyone. It can generate texts on any topic and format them in various styles.
WormGPT is a specialized module that employs GPT-J as its primary mechanism. It has some features that make it more suitable for malicious activities than ChatGPT or other generative AI tools.
- It has unlimited character support, meaning it can generate long texts without any truncation or limitation.
- It has chat memory retention, meaning it can remember previous messages and use them to generate coherent and consistent responses.
- It has code formatting capabilities, meaning it can generate code snippets or attachments that look legitimate but contain malicious code.
WormGPT, trained on diverse data including malware-related information, is seen as a rival to ChatGPT and facilitates illegal activities.
How WormGPT is Used for Phishing and BEC Attacks
WormGPT AI helps bad guys make fake emails that look real and personal, making it easier to launch successful attacks. They use WormGPT as a tool to generate these fake emails in a matter of seconds.
To use WormGPT website, cybercriminals need to access its website or its forum page. They need to pay a fee of $98 per month or $900 per year to use its full features. They must give basic details about their target, like name, email, company, job title, or other information.
Then they need to enter a query or a prompt that specifies what kind of email they want to generate. They can type a request for an immediate transfer of $10,000 to a different account.
The request is from ABC company‘s CEO to XYZ company‘s account manager. WormGPT will then generate an email that matches the query, using the information provided by the cybercriminal.
The email generated by WormGPT AI will look very realistic and convincing. It will use the correct names, titles, and company names of the sender and the recipient. It will also use formal and polite language, proper grammar and spelling, and appropriate salutations and signatures.
It will also use pressure tactics, urgency, or emotion to persuade the recipient to comply with the request. For example, it might say something like “This is a very important and time-sensitive matter. Please do not delay or question this request. I trust you to handle this with utmost discretion and professionalism”.
The email may have a code or attachment that looks real, like an invoice, contract, or report. However, these files will contain malicious code that can infect the recipient’s device or network with malware or ransomware. The malware or ransomware can then steal data, lock files, or demand ransom from the victim.
WormGPT generative AI can produce emails that are very hard to detect and resist by traditional security measures or human intuition. They can bypass spam filters, antivirus software, or grammar and spelling checks. They can take advantage of trust, authority, curiosity, greed, fear, and urgency to manipulate people.
How to Protect Yourself from WormGPT Attacks
To protect yourself from WormGPT generative AI related attacks, you need to be more aware and secure. Here are some tips that can help you:
- Update your training programs for BEC attacks and email verification measures. Educate yourself and your employees about the common signs and methods of phishing and BEC attacks. Set up email verification to notify you of external emails or those with suspicious keywords, ensuring security for your company.
- Spot suspicious emails that use keywords like “urgent”, “wire transfer”, or “sensitive”. Be careful with emails that ask for unusual or urgent actions. These actions may include transferring money to a different account, purchasing gift cards, or opening attachments.
- Check the sender’s email address carefully for mistakes. Confirm the sender’s identity by calling them directly or using a different way to communicate.
- Report any suspicious emails or websites that use WormGPT. If you get an email from WormGPT or another AI tool, don’t respond, click on links, or open attachments. Report it to your IT department or security team immediately. Also report any websites or forums that offer WormGPT or similar tools to the authorities or online platforms.
Frequently Asked Questions
WormGPT website is a generative AI tool that compromises business emails. A black-hat alternative to ChatGPT, released in July 2023. It can reply to queries that include malicious content, while other known generative AI tools like ChatGPT or Bing can’t.
WormGPT website is an example of the dark side of generative AI and the need for ethical safeguards. Generative AI has many positive and beneficial applications, but it also has many negative and harmful applications. We must recognize the dangers of generative AI and create rules to stop its misuse.