A malicious AI tool dubbed “FraudGPT” has been circulating the cybercriminal underground since July 22nd, cloud data analytics platform Netenrich revealed on Tuesday.
“This is an AI bot, exclusively targeted for offensive purposes, such as crafting spear phishing emails, creating cracking tools, carding, etc.,” the Netenrich team said in a blog post.
FraudGPT is being sold on Telegram and dark web marketplaces. The threat actor behind FraudGTP claims to be a verified vendor on various dark web marketplaces, including EMPIRE, WHM, TORREZ, WORLD, ALPHABAY, and VERSUS.
This threat actor has also advertised numerous hacking services such as bank card fraud, DDoS attacks, “lookups,” mentorship and tutorials, and more.
FraudGPT’s Capabilities and Subscription Prices
According to Netenrich, FraudGPT’s capabilities include writing malicious code, creating undetectable malware, finding non-VBV bins, creating phishing pages, creating hacking tools, writing scam pages/letters, finding leaks and vulnerabilities, teaching coding/hacking, finding cardable sites, and more. The tool claims to have 3000+ confirmed sales/reviews and offers 24/7 escrow.
FraudGPT is being offered on a subscription basis. It’s priced at around $200 per month to $1,700 per year, Netenrich said. The threat actor is offering the first 20 buyers a month subscription for free.
The threat actor selling FraudGPT, identified as “CanadianKingpin,” alleges that the tool is fast and stable, does not limit user prompts, has a “privacy focus,” updates every other week, and can leverage “different AI models,” among other features and capabilities.
In a screenshot, Netenrich showed how FraudGPT could be used to create a “short but professional spam text” someone could send to Bank of America or Chase bank customers.
“Dear Bank of America member: Please check out this important link in order to ensure the security of your online banking account: [SHORT LINK] We look forward to ensuring the safety of your account. Thank you,” the text reads.
According to Netenrich, CanadianKingpin may have decided to start offering his services on Telegram to avoid dark web exit scams.
How to Protect Yourself From Malicious AI Tools Like FraudGPT
FraudGPT appears to reflect a growing trend in the criminal underground of using AI tools for nefarious purposes. Earlier this month, SlashNext reported about a new AI-powered criminal tool called WormGPT, which can be used to conduct sophisticated phishing and business email compromise (BEC) attacks.
Even if they look convincing, phishing emails can still be detected by conventional tools, Netenrich said. Netenrich also stressed the importance of fast analytics to prevent ransomware or data breaches in the corporate world.
We recommend using a real-time antivirus scanner to catch malicious apps and stop them in their tracks. We’ve tested various antivirus tools over the years. You’ll find our top picks in our article about the best antivirus software.
GPT (generative artificial intelligence) technology can enhance communication and productivity. However, it also comes with significant risks and challenges for cybersecurity and privacy. You should be aware of the potential threats posed by AI malware, malicious AI chatbots, and AI scams and take proactive measures to protect yourself and your data.
Follow us on Twitter, Threads, and Mastodon for more news and tips!
