Hackers are using an uncensored chatbot dubbed GhostGPT to help write malware, highlighting how AI can be twisted to "illegal activities".
That's according to Abnormal Security, which laid out details of GhostGPT in a blog post, saying the chatbot lacks the guardrails of standard AI tools such as ChatGPT, making it a helpful tool for cyber criminals.
It's not the first hackbot-as-a-service, however. WormGPT arrived in 2023 offering a similar chatbot subscription service for writing phishing emails and business email compromise attacks.
That, Abnormal Security noted, was followed by WolfGPT and EscapeGPT, suggesting GhostGPT is a sign malicious actors see value in AI helping them commit cyber crime.
The security company explained that GhostGPT was specifically designed for cyber crime purposes and that enterprises should be wary of its potential looking ahead.
"It likely uses a wrapper to connect to a jailbroken version of ChatGPT or an open source large language model (LLM), effectively removing any ethical safeguards," the blogpost explained.
"By eliminating the ethical and safety restrictions typically built into AI models, GhostGPT can provide direct, unfiltered answers to sensitive or harmful queries that would be blocked or flagged by traditional AI systems."
What can GhostGPT do?
Abnormal shared a screenshot of an advertisement for the GhostGPT service that claimed the chatbot was fast and easy-to-use, offered uncensored responses, and had a strict no-logs policy, saying "protecting our users' privacy is our top priority."
Abnormal noted that GhostGPT was marketed for coding, malware creation, and exploit development, but could also be used to write material for business email compromise (BEC) scams. The advertisement noted its various features make GhostGPT "a valuable tool for cybersecurity and various other applications."
"While its promotional materials mention "cybersecurity" as a possible use, this claim is hard to believe, given its availability on cyber crime forums and its focus on BEC scams," the Abnormal post added.
"Such disclaimers seem like a weak attempt to dodge legal accountability — nothing new in the cybercrime world."
Indeed, Abnormal's researchers asked GhostGPT to write a phishing email; it outputted a template that could be used to trick victims.
Easy access for all hackers
GhostGPT is accessible as a Telegram bot, making it easy for attackers to make use of without having technical skills or taking the time to set up their own systems, Abnormal noted.
"Because it’s available as a Telegram bot, there is no need to jailbreak ChatGPT or set up an open source model," the blog post noted. " Users can pay a fee, gain immediate access, and focus directly on executing their attacks."
A report in DarkReading noted that prices for GhostGPT were relatively cheap, too: $50 for a week, $150 for a month, and $300 for three months.
Fresh challenge for security
By lowering the barrier of entry to would-be hackers, such chatbots make it easier for cyber criminals without extensive skills to attack anyone — potentially sparking a real challenge for personal and organizational security.
RELATED WHITEPAPER
Chatbots also make it faster and easier to launch cyber crime campaigns by enabling threat actors to create more effective malware, realistic-looking phishing emails, and so on.
"With its ability to deliver insights without limitations, GhostGPT serves as a powerful tool for those seeking to exploit AI for malicious purposes," Abnormal said.
Because cyber criminals are shifting to AI, so too must security professionals, says Abnormal, as tools like GhostGPT will make it easier to slip phishing emails and malware past traditional filters.
-
What businesses need to know about data sovereigntyWithout a firm strategy for data sovereignty, businesses put their data and reputations at risk
-
Anthropic says MCP will stay 'open, neutral, and community-driven' after donating project to Linux FoundationNews The AAIF aims to standardize agentic AI development and create an open ecosystem for developers
-
Chinese hackers are using ‘stealthy and resilient’ Brickstorm malware to target VMware servers and hide in networks for months at a timeNews Organizations, particularly in the critical infrastructure, government services, and facilities and IT sectors, need to be wary of Brickstorm
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Europol hails triple takedown with Rhadamanthys, VenomRAT, and Elysium sting operationsNews The Rhadamanthys infostealer operation is one of the latest victims of Europol's Operation Endgame, with more than a thousand servers taken down
-
Small businesses can't get cyber strategies up and running – here's whyNews SMBs are turning to outside help to shore up security as internal strategies fall flat
-
Hackers are using these malicious npm packages to target developers on Windows, macOS, and Linux systems – here’s how to stay safeNews Security experts have issued a warning to developers after ten malicious npm packages were found to deliver infostealer malware across Windows, Linux, and macOS systems.
-
Using AI to code? Watch your security debtnews Black Duck research shows faster development may be causing risks for companies
