The surging popularity of ChatGPT has spawned a new wave of malicious activities exploited by cyber threat actors. Kaspersky, a cybersecurity solutions provider, reports that its digital footprint intelligence has identified fraudulent websites offering counterfeit access to the artificial intelligence (AI) malicious tool, WormGPT.

To an experienced eye, these websites exhibit classic phishing characteristics, but to the uninitiated, they may appear legitimate, as observed by Kaspersky’s monitoring team.

Kaspersky acknowledges that this trend does not currently pose an immediate threat to users but underscores the increasing popularity of black-hat alternatives to GPT models. The company underscores the importance of robust cybersecurity solutions.

Kaspersky identifies top cyber threats targeting SMBs in SEA
Kaspersky: AI can augment IT security teams’ tasks

“It is a well-known fact that cybercriminals often deceive each other,” Alisa Kulishenko, digital footprint analyst at Kaspersky, said in a media release. “However, recent phishing attempts may indicate the level of popularity of these malicious AI tools within the cybercriminal community. These models, to some extent, facilitate the automation of attacks, thereby emphasizing the increasing importance of trusted cybersecurity solutions.”

The fake websites come in various designs, offer different pricing structures, and use various currencies for payment. Some even require an upfront payment for access to a trial version.

Phishers and scammers often exploit the popularity of certain products and brands, and WormGPT is no exception. 

To avoid threats related to the cybercriminal’s activities in the shadow segment of the internet, it is worth implementing the following security measures:

• Use Kaspersky Digital Footprint Intelligence to help security analysts explore an adversary’s view of their company resources and promptly discover the potential attack vectors available to them. This also helps raise awareness about existing threats from cybercriminals in order to adjust your defenses accordingly or take counter and elimination measures timely.
• Choose a reliable endpoint security solution such as Kaspersky Endpoint Security for Business that is equipped with behavior-based detection and anomaly control capabilities for effective protection against known and unknown threats.
• Dedicated services can help combat high-profile attacks. The Kaspersky Managed Detection and Response service can help identify and stop intrusions in their early stages, before the perpetrators achieve their goals.  If you encounter an incident, Kaspersky Incident Response service will help you respond and minimize the consequences, for instance identify compromised nodes and protect the infrastructure from similar attacks in the future.