Suspected WormGPT phishing websites surface on Darknet

Mumbai: Suspected WormGPT phishing websites surface on the Darknet revealed Kaspersky’s experts. Kaspersky Digital Footprint Intelligence experts have uncovered a series of websites on the darknet that appear to be selling fake access to the malicious AI tool WormGPT.

These websites have phishing-like characteristics, including varying designs, pricing, and currencies used for payment, and some require upfront payment for access to a trial version. This trend, while not an immediate threat to users, underscores the rising popularity of black-hat alternatives to GPT models and emphasizes the need for robust cybersecurity solutions.

The cybercriminal community has started leveraging AI capabilities to aid in their nefarious business, and the darknet currently provides a range of language models specifically designed for hacking purposes such as BEC (business email compromise), malware creation, phishing attacks, and beyond.

Suspected WormGPT phishing websites

One such model is WormGPT, a nefarious version of ChatGPT which, unlike its legitimate counterpart, lacks specific limitations, making it an effective tool for cybercriminals looking to carry out attacks, for example, Business Email Compromise (BEC).

Phishers and scammers often exploit the popularity of certain products and brands, and WormGPT is no exception. On darknet forums and in illicit Telegram channels, Kaspersky experts have found websites and ads, offering fake access to the malicious AI tool and targeting other cybercriminals, that are apparently phishing sites.

These websites differ significantly in several ways and are designed as typical phishing pages. They have different designs and pricing. Payment methods also vary, ranging from cryptocurrencies, as originally proposed by the author of WormGPT, to credit cards and bank transfers.

Dark web

In the dark web, it is impossible to distinguish malicious resources with absolute certainty. However, there are many indirect pieces of evidence that suggest that the discovered websites are indeed phishing pages, according to Alisa Kulishenko, Kaspersky’s Digital Footprint Analyst.

“The authors behind the genuine WormGPT have issued a warning and shared some tips to verify the authenticity of the offers. It is a well-known fact that cybercriminals often deceive each other,” said Kulishenko.

“However, recent phishing attempts may indicate the level of popularity of these malicious AI tools within the cybercriminal community. These models, to some extent, facilitate the automation of attacks, thereby emphasizing the increasing importance of trusted cybersecurity solutions,” explained Kulishenko.

“The enhanced service is timely as the social media penetration rate in India increases. We hope to work together with organisations to build a safer world, by maintaining the organisations’ reputation and keeping their customers data safe with our solution,” added Jaydeep Singh, Kaspersky’s General Manager for South Asia.