Recently, Hackread shared details of a malicious chatbot, WormGPT, created to aid cybercriminals in their illicit activities. Now, another chatbot called FraudGPT has appeared on the dark web. It is a subscription-based artificial intelligence chatbot that performs various tasks for cybercriminals, helping them to launch successful phishing campaigns and scams.
The artificial intelligence regeneration model has dramatically changed the cyberspace, and one chatbot after another has surfaced on the Internet. Previously it was more of a copycat version of ChatGPT, and now cybercriminals prefer generative AI jailbreaks to create malicious chatbots.
FraudGPT appeared on the Telegram channel on July 22, 2023. FraudGPT is a malicious artificial intelligence bot whose purpose is to facilitate spear-phishing emails, the creation of cracking tools, and card making.
Additionally, it assists attackers in crafting enticing emails to entrap targets. At the same time, FraudGPT can efficiently select websites to target and defraud users. The following is a detailed introduction of its main functions:
- assist in hacking
- Locating Fraudulent Sites
- Write malicious code and scam letters or web pages
- Create undetectable malware, phishing pages and hacking tools
- Find target websites/pages/groups, vulnerabilities, leaks and non-VBV databases
In addition to Telegram, FraudGPT is also sold on darknet markets starting at $200 per month and going up to $1,700 per year. The creators of FraudGPT claim the chatbot has garnered 3,000 sales.
The threat actor reportedly created its own Telegram channel on June 23 and launched the malicious chatbot thereafter. He subsequently became a supplier to numerous underground darknet markets, including WHM, Empire, AlphaBay, World, Versus, and Torrez.
The emergence of malicious chatbots such as FraudGPT and WormGPT is a worrying sign. Cybercriminals can now leverage artificial intelligence to achieve their goals and ensure a higher success rate for phishing scams. These tools can help attackers generate malicious text to lure targets into BEC or many other email-based attacks.