ChatGPT has revolutionised interactive dialogue generation, but a darker side has emerged with the arrival of WormGPT, the malicious AI-driven tool developed by EleutherAI.

WormGPT, based on the 2021 GPTJ large language model, is a specialised variant designed for malicious purposes. Unlike its acclaimed counterpart, this variation lacks guardrails to prevent unlawful or malicious usage, making it a destructive weapon in the hands of adversaries.

Trained on datasets related to malware, this offensive tool offers unlimited character support, chat memory retention, and code formatting, amplifying its potential for harm.

Attackers are primarily using WormGPT for phishing campaigns, particularly Business Email Compromise (BEC) attacks.

WormGPT enables the generation of convincing and personalised emails, aiding in deceiving targets into disclosing sensitive information or sending money. It is particularly advantageous for threat actors whose primary language is not English, as it enhances the authenticity of their emails, making them appear more convincing to recipients.

It can also be employed for spear phishing and social engineering attacks, allowing attackers to tailor deceptive messages to specific individuals or organisations.

Additionally, WormGPT's versatility makes it useful for developing customised malware and carrying out various forms of email-based scams and credential harvesting.

One of the most concerning aspects of WormGPT is its ability to speed up the kill chain - the series of stages a cybercriminal goes through to execute an attack. By leveraging WormGPT, hackers can automate the generation of personalised, deceptive emails. This accelerates the reconnaissance and weaponisation phases of an attack, allowing adversaries to conduct malicious activities much quicker than previously.

WormGPT also empowers individuals with limited expertise to execute intricate attacks, thereby intensifying the risk and broadening the scope of the threat landscape.

Remediation & Mitigation

Understanding the risks, capabilities and behavior of this offensive tool helps develop effective defensive strategies.

Steps to mitigate the risks include monitoring email patterns, identifying suspicious language, and employing AI-based anomaly detection.

Robust email verification measures are also vital in countering malicious activities. This involves

implementing automatic alerts for impersonation attempts, verifying sender identities, and employing domain-based authentication mechanisms like DKIM, SPF, and DMARC.

Additionally, regular security awareness training plays a crucial role in enhancing defenses, by increasing awareness and empowering individuals to identify and report suspicious emails.

If you would like to upskill your employees on the risks and threats that exist in the online world, we offer security awareness training as an affordable service to businesses. Contact us if you're interested in this service.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).