WormGPT: The New Face of AI-Powered Cybercrime


Imagine this. An email lands in the inbox of a diligent financial officer at a mid-size company. It appears to be from the CEO – the email address checks out, the tone is spot on, and it’s filled with specific references only the CEO would know. The email urgently requests a wire transfer to a new vendor, providing convincing reasons for the sudden change.

A little puzzled but not suspecting foul play, the financial officer initiates the transfer, unknowingly diverting funds straight into a cybercriminal’s pocket. It’s only when she later speaks to the CEO about the strange request that she realizes they’ve been scammed.

No, this wasn’t the work of a sophisticated human con artist, spending countless hours understanding the company and its CEO. This was the handiwork of WormGPT, an advanced AI module. Its frightening ability to craft personalized and compelling business email compromise (BEC) attacks is driving a new wave of cybercrime that’s increasingly harder to detect and prevent. The arrival of WormGPT in the cybercrime scene offers a chilling reminder of the potential misuse of AI, underscoring the urgent need for robust cybersecurity measures.

While the example above is hypothetical, it highlights the dangers of the new era of cybersecurity we’re entering – AI is now just as dangerous as the criminals wielding it.

What is WormGPT?

The rise of WormGPT as a tool for cybercrime has severe implications for digital security. This technology breaches laws on hacking, data theft, and other illicit activities. The potential for harm is significant, from crafting malware and orchestrating phishing attacks to enabling sophisticated cyberattacks that can cause extensive damage to systems and networks.

WormGPT equips cybercriminals with the ability to easily execute illegal activities, thus jeopardizing the safety of innocent individuals and organizations.

Some key points to understand about WormGPT are:

  • It’s a blackhat alternative to GPT models, explicitly crafted for malicious activities.
  • The tool uses the open-source GPT-J language model developed by EleutherAI.
  • WormGPT allows even novice cybercriminals to launch attacks swiftly and at scale without having the technical knowledge.
  • WormGPT operates without any ethical guardrails, which means it doesn’t restrict any malicious requests.
  • The developer of WormGPT is selling access to the tool on a popular hacking forum.

But how does WormGPT work? The tool generates human-like text, complete with flawless grammar, coherent structure, and contextual understanding. It can take a simple input—such as a prompt to create a BEC email—and churn out a detailed, personalized, and highly convincing output. What makes WormGPT truly alarming is its ability to produce content virtually indistinguishable from text written by a human.

The core of WormGPT’s operations lies in the power of generative AI. Generative AI models are built to create new, unique outputs, from coherent text to realistic images. They take in vast amounts of data and learn patterns, styles, and nuances. Once trained, they can generate their own content, mirroring the complexity and creativity of the input data.

Now, think of generative AI in the context of WormGPT. When fed diverse data sources, especially malware-related data, WormGPT learns and mimics the style, context, and technical details needed to craft convincing malicious emails. It’s like giving a scam artist the ability to impersonate any individual or style of communication, which is precisely why WormGPT is deeply concerning. It takes the potential of generative AI and twists it into a tool for streamlined, effective cybercrime.

AI: A New Weapon for Cybercriminals

AI is becoming a game-changer for cybercrime. Why? Here’s the breakdown:

  • Ease of Use: AI eliminates the need for expert-level skills. Now, even a novice cybercriminal can launch sophisticated attacks with the help of AI tools.
  • Deception: With AI, cybercriminals can create highly personalized and seemingly legitimate emails, increasing the chances of deceiving the recipient.
  • Scalability: AI can carry out attacks on a massive scale. Cybercriminals can target thousands, even millions, of individuals or systems simultaneously, which would be impossible for humans to do manually.
  • Speed: AI systems can operate at a much faster pace than humans. This speed makes it possible for cybercriminals to execute large-scale attacks in a fraction of the time it would take a human attacker.
  • Reduced Risk: Using AI distances the criminal from the crime, making it harder to trace back to the original perpetrator. This added layer of anonymity can embolden cybercriminals to carry out more audacious attacks.
  • Cost-effective: Over time, using AI can be more cost-effective for cybercriminals. While there may be an initial investment to acquire or develop the AI, the automation of attacks can lead to higher returns in the long run.

We’ve already seen a surge in cybercriminals using AI to launch a variety of cyberattacks. For example, hackers leveraged AI to modify the Lockbit 3.0 ransomware. This ransomware, dubbed one of the most notorious threats worldwide, targets computers across industries. Notably, numerous semiconductor firms in Taiwan have fallen victim to its ransom demands. And more generally, hackers are leveraging AI in Advanced Persistent Threats (APTs), Deepfake Attacks, AI-Powered Malware, phishing attacks, and more.

So, how does WormGPT fit into this picture? Unlike ethical generative AI models like ChatGPT, WormGPT doesn’t have safeguards. It’s a tool with no leash, no brakes, explicitly designed for malicious intent. While ChatGPT is programmed to refuse to generate content encouraging harmful or illegal activities, WormGPT faces no such restrictions.

How Are Cybercriminals Using WormGPT?

Bad actors are primarily using WormGPT to create highly compelling BEC phishing emails, but its uses go beyond this. SlashNext, the firm blowing the whistle on WormGPT, found that WormGPT can also produce malware written in Python and provide tips on crafting malicious attacks.

However, there’s a bright side: WormGPT isn’t cheap, potentially limiting its widespread misuse. The developer is selling access to the bot for 60 Euros per month or 550 Euros per year. It’s also been criticized for weak performance, with one buyer noting that the program is “not worth any dime”.


Now, let’s have a quick fire round of everything else you need to know about WormGPT.

How concerned should we be about WormGPT?

The rise of WormGPT represents a new and concerning era for cybercrime, indicative of the increasing sophistication of tools used for illicit activities. Over time, WormGPT and similar tools will likely evolve, becoming more capable and versatile. While it’s difficult to predict the exact scale and nature of the threat posed by WormGPT, its potential for facilitating large-scale, rapid, and sophisticated cyberattacks means we should approach it seriously.

Does WormGPT have any uses beyond cybercrime?

No, WormGPT was explicitly designed and optimized for malicious activities, primarily in cybercrime. While technically, it could be repurposed, its original design and current use focus on unethical and illegal actions, making it unlikely to be employed for legitimate purposes.

What is the most harmful aspect of WormGPT?

The most harmful aspect of WormGPT lies in the speed and volume of malicious content it can generate. Given the ability of language models to create text rapidly, this tool equips even novice cybercriminals with the capability to execute extensive cyberattacks such as phishing emails. This automation and ease of use significantly increase the scale and reach of potential attacks, making WormGPT particularly dangerous.

How Did WormGPT come to be so dangerous?

WormGPT’s potency stems from its roots in the open-source GPT-J model developed by EleutherAI in 2021. The developer took this already powerful language model and trained it specifically on data concerning malware creation. The resultant WormGPT is a specialized, maliciously focused tool that leverages advanced AI capabilities to aid in cybercrime.

How popular will WormGPT become?

Predicting the popularity of WormGPT is complex. While its capabilities could appeal to cyber criminals, the high cost of access may deter many. Moreover, we’re witnessing a rise in “jailbreaks” for mainstream generative AI tools like ChatGPT and Google’s Bard. These “jailbreaks” are specialized prompts that disable the safeguards on these tools, enabling them to generate malicious content. For instance, a “jailbreak” might manipulate ChatGPT into developing phishing emails or harmful code. Therefore, some cybercriminals may prefer these cheaper or free alternatives to a dedicated tool like WormGPT.

Why Phishing Emails Continue to Fuel BEC Attacks

  • Human Vulnerability: Despite technological advances, the human element remains a weak link in cybersecurity. Phishing emails often exploit basic human traits such as trust and curiosity, luring individuals into clicking on malicious links or sharing sensitive information.
  • Widespread Email Usage: Email remains one of the most prevalent modes of business communication, offering cybercriminals a broad attack surface. Every employee with an email account represents a potential entry point for attackers.
  • Profitable for Cybercriminals: Phishing is a lucrative business for cybercriminals, especially BEC attacks where the financial returns can be substantial. This profitability ensures that such attacks continue to be a favored strategy for cybercriminals.

Wrapping Up

WormGPT signifies a distressing advancement in cybercrime, weaponizing AI to automate malevolence. Its rise highlights the urgent need for a transformative shift in cybersecurity strategies. In this relentless race against AI-driven threats, proactive defenses, continuous learning, and cutting-edge technological adaptation are no longer optional but crucial.

Try Portnox Cloud for Free Today

Gain access to all of Portnox's powerful zero trust access control free capabilities for 30 days!