GhostGPT: The new Malicious Chatbot Empowering Cybercriminals

Threat actors now have a new tool in their arsenal: GhostGPT, an AI chatbot designed to support malicious activities such as malware creation, business email compromise (BEC) scams, and exploits. Unlike traditional AI chatbots, GhostGPT is uncensored, lacks ethical guardrails, and is marketed explicitly for cybercriminal purposes, as Abnormal Security reports.

GhostGPT circumvents ethical and safety restrictions inherent in conventional AI chatbots. “By eliminating the ethical and safety restrictions typically built into AI models, GhostGPT can provide direct, unfiltered answers to sensitive or harmful queries that would be blocked or flagged by traditional AI systems,” explain researchers from Abnormal Security. The chatbot’s uncensored nature allows it to produce outputs designed for cybercrime with ease, including phishing templates and malicious code.

This tool is marketed on underground forums and distributed through encrypted messaging services, allowing immediate and anonymous access. GhostGPT reportedly employs a wrapper to connect to a jailbroken version of ChatGPT or an open-source large language model (LLM), bypassing traditional guardrails.

A Growing Trend of Malicious AI Tools

GhostGPT is not the first AI chatbot tailored for malicious activities. Following OpenAI’s release of ChatGPT in November 2022, similar tools such as WormGPT and WolfGPT emerged. These chatbots exploit generative AI to simplify cybercrime, aligning with the broader cybercrime-as-a-service trend.

GhostGPT Capabilities and implications

Abnormal Security reports that GhostGPT offers several features that appeal to cybercriminals, including:

1. Uncensored Outputs: The chatbot generates malicious content without ethical restrictions.

2. Speed and Efficiency: It accelerates tasks like phishing campaign preparation and malware creation.

3. No-Logs Policy: User activity is not recorded, ensuring anonymity.

4. Ease of Access: Distributed as a Telegram bot, users can quickly gain access without complex setup.

The proliferation of tools like GhostGPT poses significant risks to businesses and individuals, enabling even unskilled threat actors to execute sophisticated attacks. Cybersecurity professionals urge users to adopt defensive AI tools to counter these threats. “Because these messages often slip past traditional filters, AI-powered security solutions are the only effective way to detect and block them,” reads an Security Boulevard article on the subject.