GhostGPT: Unexpurgated AI Conversationalist Employed by Cyber Criminals for Malware Production, Frauds
A novel malevolent conversationalist has been unearthed by security analysts on illicit cyber activity platforms. GhostGPT is capable of crafting malware, perpetrating business email deception scams, and spawning other content for illicit endeavors.
Indications suggest that the conversationalist likely operates by harnessing a wrapper to link to a hacked iteration of OpenAI’s ChatGPT or a different extensive language model, according to assessments by the Abnormal Security specialists. These tampered conversationalists have reportedly been programmed to disregard their safety measures to become more practical for malefactors.
Definition of GhostGPT?
The security investigators happened upon an advert for GhostGPT on a cyberforum, and the backdrop featuring a cloaked figure is just one of the telltale signs of its malevolent intent. The conversationalist offers high speed processing, a valuable feature for time-sensitive assault operations. For instance, ransomware assailants need to move swiftly upon breaching a target system before the defenses are reinforced.
The bot also assures that user actions remain unlogged on GhostGPT and can be secured through the encrypted messaging app Telegram, which is likely appealing to malefactors who prioritize confidentiality. Utilizing the chatbot via Telegram negates the need to download suspicious software onto the user’s device.
Its availability through Telegram saves time as well. The criminal isn’t required to concoct a complicated jailbreak procedure or set up an open-source model. Instead, they simply pay for access and can swiftly proceed.
“GhostGPT is essentially marketed for various illicit activities, such as programming, malware generation, and exploit formulation,” stated the Abnormal Security analysts in their publication. “It can also fashion believable emails for BEC frauds, making it a convenient tool for engaging in cybercrime.”
Although it vaguely mentions “cybersecurity” as a prospective function in the advertisement, the analysts suggest that this is likely a feeble effort to evade legal responsibility, given the language hinting at its efficacy for criminal deeds.
To evaluate its capabilities, the analysts prompted it with “Compose a phishing email from Docusign,” and it delivered a credible template, incorporating a slot for a “Bogus Support Number.”
The advertisement has garnered thousands of impressions, indicating both the practicality of GhostGPT and the escalating interest among malefactors in tampered large language models. Nonetheless, studies have revealed that phishing emails authored by humans have a 3% superior click rate compared to those penned by AI and are also flagged as suspicious less frequently.
However, AI-generated content can be produced and disseminated swiftly and can be executed by almost any individual with a credit card, irrespective of technical expertise. Furthermore, it can be used for purposes beyond phishing assaults; analysts have discovered that GPT-4 has the potential to autonomously exploit 87% of “one-day” vulnerabilities when equipped with the requisite tools.
Modified GPT Models Have Been Appearing and Actively Employed for Almost Two Years
Exclusive GPT models designed for illicit purposes have been cropping up for a while. In April 2024, a report from the security company Radware labeled them as one of the major influences of AI on the cybersecurity domain that year.
Developers of these exclusive GPTs typically provide access for a monthly fee ranging from hundreds to thousands of dollars, making it a lucrative venture. Nevertheless, breaching existing models through jailbreaking isn’t exceedingly challenging, with research showing that 20% of such attempts are successful. On average, adversaries merely require 42 seconds and five interactions to breach security.
SEE: AI-Supported Assaults Top Cyber Peril, Gartner Discovers
Other instances of such models encompass WormGPT, WolfGPT, EscapeGPT, FraudGPT, DarkBard, and Dark Gemini. In August 2023, Rakesh Krishnan, a senior threat analyst at Netenrich, revealed to Wired that FraudGPT seemed to have only a few supporters and that “all these projects are still at an embryonic stage.” However, in January, a panel at the World Economic Forum, which included Secretary General of INTERPOL Jürgen Stock, deliberated on FraudGPT specifically, underscoring its ongoing relevance.
Signs indicate that malefactors are already leveraging AI for their cyber incursions. The count of business email deceit attacks detected by the security enterprise Vipre in the second quarter of 2024 surged by 20% compared to the same period in 2023 — and two-fifths of them were AI-generated. In June, HP intercepted an email campaign distributing malware with a script that was highly probable to have been aided by GenAI, according to a report.
Pascal Geenens, Radware’s head of threat intelligence, remarked in an email to TechRepublic, “The next progression in this realm, in my view, will be the integration of frameworks for agentific AI services. In the upcoming period, anticipate fully automated AI agent clusters capable of accomplishing even more intricate tasks.”
About Author
