Phishing-as-a-Service Evolved: FraudGPT Takes Center Stage
Maja Bobi?, CISSP, CISA, CCSFP, CHQP
Chief Information Security Officer at SCA // Vice President ISSA Tampa Bay Chapter
The Menacing AI Tool on the Dark Web
Following the notoriety of WormGPT, cybercriminals are now advertising another menacing AI tool called FraudGPT across various dark web marketplaces and Telegram channels. The tool has been in circulation since at least July 22, 2023, and is being offered as a subscription service priced at $200 per month, with options for six-month and yearly plans at $1,000 and $1,700, respectively.
FraudGPT Unleashed for Offensive Purposes
FraudGPT is a highly specialized AI bot designed exclusively for offensive purposes, including crafting spear phishing emails, developing cracking tools, engaging in carding activities, and more. Its capabilities are tailor-made to cater to individuals seeking a wide range of illicit tools and features without limitations. The actor behind the tool, who goes by the alias CanadianKingpin, proudly promotes it as the ultimate alternative to ChatGPT for those seeking an exclusive toolkit.
3,000 Sales and Reviews of FraudGPT in Action
The actor claims that FraudGPT can be used for writing malicious code, creating undetectable malware, and identifying leaks and vulnerabilities, and boasts of more than 3,000 confirmed sales and reviews. However, the specific large language model (LLM) used to develop this system remains undisclosed.
FraudGPT and the Alarming Trend of AI-Powered Cyberattacks
This latest development highlights a growing trend among threat actors who are leveraging AI tools similar to OpenAI's ChatGPT to create new adversarial variants. These tools are deliberately engineered to facilitate various cybercriminal activities without any restrictions. As these AI-powered tools take the phishing-as-a-service (PhaaS) model to new heights, they could potentially serve as a launching platform for novice actors, enabling them to conduct sophisticated phishing and business email compromise (BEC) attacks on a large scale. The consequences may involve the theft of sensitive information and unauthorized wire payments, exacerbating the risks associated with cybercrime.