FraudGPT, a generative artificial intelligence (AI) chatbot used to write malicious code, scam letters and more is now available on various dark web marketplaces and the Telegram platform. The author also claims more than 3,000 confirmed sales and reviews, and says the tool can develop undetectable malware and find vulnerabilities in targeted platforms. A subscription costs $200 per month, $1,000 for a six-month subscription and $1,700 for a 12-month subscription.
Impact
Cloud attack vectors include vulnerabilities and misconfigured instances on Linux and Windows servers. The FraudGPT framework provides around-the-clock escrow services and enables threat actors to:
- Write malicious code
- Create undetectable malware
- Find non-Verified by Visa (VBV) bank identification numbers (bins)
- Create phishing pages
- Create hacking tools
- Find groups, sites and markets
- Write scam pages/letters
- Find leaks and vulnerabilities
- Learn to code/hack
- Find cardable websites
DXC perspective
The exact large language model (LLM) used to develop the system is currently unknown, and mitigation varies with the type of attacks. We recommend a strong cyber defense program that includes monitoring the network and endpoints for C2 traffic and suspicious or abnormal user and file behavior. Note, however, that security controls may not detect intrusions if the threat actor uses valid credentials. Other useful practices include:
- Avoid hosting user email accounts or user web-based email traffic on network servers
- Implement tools and practices to prevent phishing attempts from harvesting user credentials
- Install and regularly update antivirus software on all hosts and enable real-time detection
- Patch vulnerabilities
- Configure machines according to security best practices