Security researchers have discovered FraudGPT, the newest AI tool available in the wild, being offered by a threat actor dubbed ‘CanadianKingpin.’ Labelled as an ‘AI bot’ designed exclusively for cyberattack purposes, FraudGPT has raised alarms among security experts. Its wide range of capabilities promises malicious actors a change in the course of the ever-evolving cybercriminal community.
This malicious tool has the ability to craft spear phishing emails, write malicious code, develop cracking tools, engage in carding, find system vulnerabilities, and more.
FraudGPT has been making the rounds since July 22, 2023, captivating the internet’s dark corners with its offerings.
Priced at $200 per month, $1,000 for six months, or $1,700 for a year, the subscription promises a wide array of exclusive capabilities, without boundaries, tailored to suit any threat actor’s malicious objectives.
CanadianKingpin, the elusive actor behind FraudGPT, has boasted over 3,000 confirmed sales and reviews for the AI tool. The tool’s origins and the specific large language model (LLM) used in its development remain unknown, heightening the urgency for cybersecurity experts to unmask this threat.
FraudGPT’s emergence also raised suspicions about whether it could be a honeypot set up by authorities or a strategic move by a competing cybersecurity vendor. Whether it is a trap to identify cybercriminals or a ploy to gather intelligence on competitors remains uncertain.
The artificial intelligence tools now surfacing for malicious purposes give threat actors new opportunities and make cyberattacks easier to carry out, fueling their malevolent pursuits without restraint.
Further, these sophisticated tools enable the spread of phishing-as-a-service (PhaaS) and serve as a dangerous platform for aspiring cybercriminals to orchestrate large-scale phishing and business email compromise (BEC) attacks.
Though organisations can build ethical defences into ChatGPT and similar technologies, it remains alarmingly easy for adversaries to replicate these tools without such restrictions. Therefore, implementing a robust defence-in-depth strategy supported by comprehensive security telemetry has become vital to identify and neutralise these rapidly evolving threats.