Generative artificial intelligence as a tool to improve the efficiency of business, scientific research, etc. has attracted interest not only in the business and scientific world, but also among criminals. After WormGPT, a clone of ChatGPT that was trained on malware and associated data, a new, even more powerful generative AI tool for hackers called FraudGPT appeared on the dark web in late July. writes Resource BleepingComputer.com.
The FraudGPT AI bot is a versatile tool for cybercriminals. It can be used to create applications for hacking computer networks, phishing emails, writing malicious code, detecting leaks and vulnerabilities for further criminal exploitation. A monthly subscription to FraudGPT reportedly costs $200, up to $1,000 for six months straight, and up to $1,700 for a year.
BleepingComputer.com claims that WormGPT and FraudGPT were created by the same person named CanadianKingpin12. He told cybersecurity company SlashNext that he is developing new DarkBART and DarkBERT AI bots that have internet access and can integrate with Google Lens to provide the ability to send text along with images. It should be noted that the DarkBERT AI model was developed by the Korea Institute of Science and Technology (KAIST) to combat cybercrime.
DarkBERT is available to scientists with authorization using the appropriate email addresses, but as SlashNext found, gaining access to an academic institution’s email address is not a problem for hackers or malware developers — it costs around $3.
According to SlashNext, Canadian Kingpin12 uses DarkBERT for its own purposes, which is diametrically opposed to the purpose of the AI model, and creates a “dark” version of the tool based on it.
The malicious version of the DarkBERT AI bot aims to:
- creating sophisticated phishing campaigns that target people’s passwords and credit card information;
- Conducting sophisticated social engineering attacks to obtain confidential information or gain unauthorized access to systems and networks;
- Exploiting vulnerabilities in computer systems, software and networks;
- creation and distribution of malicious programs;
- Exploit zero-day vulnerabilities for financial gain or to disrupt systems.