The IT Nerd

WormGPT: It Spits Out Convincing BEC Emails

A recent article published by SC Magazine reported that cybercriminals have developed a generative AI tool called WormGPT which is designed to help grammatically challenged criminals craft convincing business email compromise (BEC) emails.

WormGPT promoters claim their product has zero ethical constraints and can spit out AI-created BEC content for urgently soliciting funds from targeted victims and also whip up customizable malware code, which makes it extremely nefarious.

Dan Shiebler, Head of Machine Learning at Abnormal Security, had this comment:

“The most common Generative AI tools like ChatGPT, Google Bard, and Claude have explicit checks built in to prevent abuse and malicious use by threat actors. These checks cannot be avoided, because the tools work by sending users’ prompts to OpenAI (for ChatGPT), Google (for Bard) and Anthropic (for Claude), who then run the prompts through a series of checks in their models, before sending the output back to the user. Attackers can trick these checks, but it’s fairly difficult to do. Tools like WormGPT, on the other hand, use open source models like LLAMA and GPTJ. Users run these models by downloading them to their own computers, which allows them to remove the check process entirely – they don’t need to be particularly savvy or do any work to trick the checks, like they would with a tool like ChatGPT. This means there are no limits on the kind of content it could produce. GPTJ, which is what WormGPT is built on, has been around since 2021, so cybercriminals have likely already been using it for years.”

One of the ways that I teach people to spot BEC or phishing emails is to look out for the grammar. Or, more precisely, the lack of it. With a tool like this, spotting BEC or phishing emails is going to get far harder, which means that the success of these emails will go up, which is bad for all of us.
