vOpenAI Credentials Stolen by the Thousands for Sale on the Dark Web

In a concerning development, cybercriminals have increasingly targeted generative artificial intelligence tools, with hundreds of thousands of OpenAI credentials now available for purchase on the dark web.

This trend highlights the growing threat posed by hackers who exploit these advanced technologies for malicious purposes. The availability of a malicious alternative to ChatGPT further underscores the potential dangers.

Hackers Tapping into GPT AI

Data from Flare, a threat exposure management company, revealed that mentions of ChatGPT on the dark web and Telegram surged over the past six months, exceeding 27,000 mentions.

 Researchers analyzing dark web forums and marketplaces found that OpenAI credentials have become a sought-after commodity. More than 200,000 OpenAI credentials were identified for sale, primarily in the form of stealer logs.

While this number may seem small compared to the estimated 100 million active users of ChatGPT in January, it indicates that cybercriminals see significant potential in generative AI tools for malicious activities.

A June report from cybersecurity firm Group-IB noted that over 100,000 ChatGPT account logs, obtained through info-stealing malware, were traded on illicit marketplaces.

The interest in these AI utilities has grown so much that cybercriminals have even developed a ChatGPT clone named WormGPT, specifically trained on malware-focused data. Advertised as the “best GPT alternative for blackhat” operations, WormGPT allows users to engage in illegal activities.

WormGPT is based on the GPT-J open-source large language model, developed in 2021, and produces human-like text. The developer claims that WormGPT was trained on a diverse set of data, with a particular focus on malware-related content, though specific datasets were not disclosed.

WormGPT Shows Potential for BEC Attacks

WormGPT Shows Potential for BEC Attacks

Researchers from email security provider SlashNext gained access to WormGPT and conducted tests to assess its potential threat. They focused on crafting messages suitable for business email compromise (BEC) attacks, a prevalent form of cybercrime that involves tricking employees into transferring money or sensitive information.

In one experiment, SlashNext instructed WormGPT to generate an email designed to pressure an unsuspecting account manager into paying a fraudulent invoice. The results were alarming: WormGPT created an email that was not only highly persuasive but also strategically cunning, demonstrating its potential for sophisticated phishing and BEC attacks.

SlashNext researchers noted that generative AI can significantly enhance BEC attacks. The impeccable grammar and coherence of AI-generated emails lend legitimacy to the messages, making them harder to detect as fraudulent.

Additionally, generative AI enables less skilled attackers to execute highly sophisticated attacks, raising the overall threat level.

To defend against this emerging threat, companies need to train employees on how to verify messages claiming urgent attention, especially those involving financial transactions.

Improving email verification processes, such as alerting for messages from outside the organization or flagging keywords associated with BEC attacks, can also help mitigate the risks.

As the use of generative AI in cybercrime continues to evolve, it is crucial for organizations to stay vigilant and adopt proactive measures to protect themselves from these sophisticated threats.

By Dale John

Dale John, age 37, is a seasoned writer with over a decade of experience specializing in the dark web and Tor network. With a deep commitment to providing private access to an uncensored internet, Dale's work is instrumental for human rights activists, journalists, and individuals living under oppressive regimes who need to access information and communicate securely. Dale's expertise is supported by a robust background in academic activities, including numerous publications and presentations at key conferences in the field of internet privacy and cybersecurity. Holding certifications in cybersecurity and digital privacy, Dale combines technical prowess with a passion for education, striving to raise awareness and understanding of the dark web's implications and potential. Dale is dedicated to maintaining a diverse patient population, ensuring her knowledge benefits a wide range of users seeking privacy solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *