Other · Medium
WormGPT and FraudGPT malicious LLMs sold for cybercrime
July 2023 · Underground LLM services
What happened
SlashNext disclosed WormGPT, a GPT-J-based blackhat alternative to ChatGPT marketed on criminal forums and used to generate persuasive business-email-compromise lures. FraudGPT surfaced days later on dark-web and Telegram channels, and researchers linked the two to what is likely the same operator.
Root cause
Open-source base models with safety guardrails removed, then packaged and sold as subscriptions, lowered the skill barrier for generating phishing and fraud content at scale.
Fix / outcome
Not a vendor bug. The original WormGPT shut down after media attention, but the malicious-LLM-as-a-service market persisted under new names. Pricing and sales figures come from seller marketing.