FRAUDGPT: THE VILLAIN AVATAR OF CHATGPT

Rakesh Krishnan
Coinmonks


NOTE: This article is originally attributed to the Netenrich Research Blog and is shared here with a few edits. To view the original content, you may click here.

With the rise of generative AI models, the threat landscape has changed drastically. Now, even someone with limited technical knowledge can easily target anyone. Such offensive campaigns are already taking shape in various forms, such as impersonation via deepfakes, phishing, vishing via voice synthesizers, BEC scams, etc.

AI-Generated Image | PC: Self

AI-driven projects are moving at a fast pace, and it is getting harder to catch automated, machine-generated output. On the one hand, this has become a tedious task for security folks; on the other, it has paved the way for cyber criminals to defraud or target more victims efficiently.

One such project is FraudGPT, which has been circulating on Telegram channels since July 22, 2023. It can also be found on various forums, and it made an appearance on YouTube (the video has been removed at this moment).

FraudBot advertised on Dark Web Forum: 1
FraudBot advertised on Dark Web Forum: 2

The advertised video shows that a fraudster or threat actor can use the tool to draft a well-crafted email body that is highly likely to persuade the recipient to click the supplied malicious link. This would play a vital role in BEC (Business Email Compromise) phishing campaigns against organizations.

FraudGPT Query Sample: 1

This also helps fraudsters get an idea of how to write enticing emails to their targets.

NOTE: Target email addresses can either be collected from OSINT sources, or the attacker can obtain a high-confidence spoofed email address from which to send into the targeted network environment.

FraudGPT Query Sample: 2

From the above screenshot, it is clear that the tool helps identify the most-targeted services/sites, which can then be used for further fraud.

FraudGPT Query Sample: 3

The subscription to FraudGPT starts at $200 per month and goes up to $1700 for a year.

Some of the features include:

Write malicious code
Create undetectable malware
Find Non-VBV Bins
Create Phishing pages
Create Hacking tools
Find groups, sites, markets
Write scam pages/letters
Find leaks, Vulnerabilities
Learn to code | hack
Find Cardable sites
Escrow available 24/7
3,000+ confirmed sales/reviews

The complete video can be viewed here; the threat actor published it on Google Drive.

THREAT ACTOR PROFILING

Before launching FraudGPT, the same person had created his Telegram channel on June 23, offering other fraudulent services such as carding, selling email leads, CVV dumps, etc.

Advertised on Telegram

The vendor/threat actor claimed to be a verified vendor on various underground dark web marketplaces such as EMPIRE, WHM, TORREZ, WORLD, ALPHABAY, and VERSUS.

As all of these marketplaces exit scam frequently, it can be assumed that the threat actor decided to start a Telegram channel to offer his services seamlessly, without the problem of dark web marketplace exit scams.

The threat actor had advertised the following hacking activities:

Offered Services: 1
Offered Services: 2
Offered Services: 3 (Carding)
Offered Services: 4 (Carding)
Offered Services: 5 (Carding)

Tracing the threat actor's identity as registered on a dark web forum reveals that the threat actor's email address is:

canadiankingpin12@gmail.com

It is also evident that the threat actor started to advertise his new service (4 days ago, i.e., 22nd July 2023) on various deep web forums such as Nulled or HackForums and on popular dark web marketplaces like Tor2Door, Kingdom Market, etc.

A deeper dive shows that the person is also present on TikTok, with the same handle and avatar:

TikTok Profile of the Threat Actor

NOTE: There is another project similar to FraudGPT called “WormGPT”, which was launched on 13 July 2023 and is gaining more traction among cyber criminals.

These kinds of evil alternatives to ChatGPT attract criminals and less tech-savvy users, who use such projects for financial gain.

For instance, security researchers usually tail criminals by spotting grammatical or spelling errors in their service advertisements on forums or in their ransom notes, which identify them as non-English speakers. But now it is no longer a herculean task for criminals to produce flawless text and masquerade as native speakers of English or of any targeted nation's language (plain translation is no longer a smart option, as it does not fix local dialect and intent).

HOW TO STAY AHEAD OF GEN-AI THREATS?

As cyber criminals harness the power of generative AI, the same technology can be turned against them.

Technology is a double-edged sword: there are automated tools/services that can detect machine-generated content, which can help netizens stay alert when they suspect that something is auto-generated.

Two such services are SMODIN and GPTZERO, which help detect whether a text is machine-generated or human-written (I have personally used these services to check its genuineness).

NOTE: There are other AI spotters, but before using them, you have to check their authenticity by writing a short paragraph yourself and checking it against that AI model.

As more and more attack vectors are developed on a daily basis, the hunt to tail them evolves in parallel ;-)

Independent Security Researcher and Threat Analyst. Often sheds light on Dark Web. Regular contributor to Infosec Community.