Abnormal Security uncovers GhostGPT, an uncensored AI chatbot built for cybercrime. Learn how it boosts cybercriminals’ abilities, makes malicious activities easier to execute, and creates serious challenges for cybersecurity experts.
Artificial intelligence (AI) has revolutionized countless industries, but its potential for misuse is undeniable. While AI models like ChatGPT have shown immense promise in various fields, their power can be easily exploited by threat actors through malicious AI chatbots like GhostGPT.
In late 2024, AI-powered email security solutions provider Abnormal Security uncovered this new AI chatbot designed specifically for cybercriminal activities. Dubbed GhostGPT, this malicious AI tool, readily available through platforms like Telegram, empowers cybercriminals with unprecedented capabilities, from crafting sophisticated phishing emails to developing sophisticated malware.
Unlike traditional AI models constrained by ethical guidelines and safety measures, GhostGPT operates without such restrictions. This unfettered access to powerful AI capabilities allows cybercriminals to generate malicious content, such as sophisticated phishing emails and malicious code, with unprecedented speed and ease.
According to Abnormal Security’s analysis, GhostGPT is likely designed using a wrapper to connect to a jailbroken version of ChatGPT or an open-source LLM, removing ethical safeguards. This allows GhostGPT to provide direct, unfiltered answers to sensitive or harmful queries that traditional AI systems would block or flag.
This tool significantly lowers the barrier to entry for cybercrime. No longer requiring specialized skills or extensive technical knowledge, even less experienced actors can leverage the power of AI for malicious activities and launch more sophisticated and impactful attacks with greater efficiency.
Furthermore, GhostGPT prioritizes user anonymity, claiming that user activity is not recorded. This feature appeals to cybercriminals seeking to conceal their illegal activities and evade detection.
“GhostGPT is marketed for a range of malicious activities, including coding, malware creation, and exploit development. It can also be used to write convincing emails for business email compromise (BEC) scams, making it a convenient tool for committing cybercrime,” Abnormal Security’s blog post revealed.
GhostGPT’s easy availability on Telegram makes it highly convenient for cybercriminals. With a simple subscription, they can immediately start using the tool without the need for complex setups or technical expertise.
Abnormal Security researchers tested GhostGPT’s capabilities by creating a convincing Docusign phishing email template. The chatbot demonstrated its ability to trick potential victims, making it a powerful tool for anyone intending to use AI for malicious purposes.
This is not the first time a chatbot has been created for malicious purposes. In 2023, researchers identified two other harmful chatbots, WormGPT and FraudGPT, which were used for criminal activities and caused serious concerns within the cybersecurity community.
Nevertheless, the rise in GhostGPT popularity, evidenced by thousands of views on online forums, indicates a growing interest in AI by cybercriminals, and the need for innovative cybersecurity measures. The cybersecurity community must continuously innovate and evolve its defences to stay ahead of the curve.
