Rise of ChatGPT Cybercrime Revealed in 3,000 Dark Web Posts


Security researchers have observed a notable increase in discussions on the dark web regarding the illicit use of ChatGPT and other large language models (LLM), according to findings from Kaspersky’s Digital Footprint Intelligence service in 2023.

Nearly 3,000 posts on the dark web were identified, focusing on a range of cyber threats, from creating malicious chatbot versions to exploring alternative projects like XXXGPT and FraudGPT.

Although the peak of discussions occurred in March last year, ongoing discussions indicate sustained interest in exploiting AI technologies for illegal purposes.

According to data shared by Kaspersky with Information securityCybercriminals are actively exploring various schemes to implement ChatGPT and AI, including malware development and illicit use of language models.

“Threat actors are actively exploring various schemes to implement ChatGPT and AI. Topics frequently include malware development and other types of illicit use of language models, such as processing stolen user data, analyzing files from infected devices and beyond,” explained Alisa Kulishenko, digital footprint analyst at Kaspersky.

The security expert added that the prevalence of AI tools has also resulted in the incorporation of automated responses from ChatGPT or its equivalents in some cybercriminal forums.

“In addition, threat actors tend to share their jailbreaks through various dark web channels – special sets of prompts that can unlock additional features – and devise ways to exploit legitimate tools, such as those intended penetration testing, based on models for malicious purposes. » said Koulishenko.

Learn more about ChatGPT-enabled attacks: New ChatGPT Attack Technique Spreads Malicious Packages

Another worrying aspect revealed by Kaspersky is the marketplace for stolen ChatGPT accounts, with an additional 3,000 posts advertising the sale of these accounts on the dark web. This market poses a significant threat to users and businesseswith posts distributing stolen accounts or promoting auto-registration services that mass create accounts on demand.

In response to these findings, Kaspersky recommended implementing reliable endpoint security solutions and dedicated services to combat large-scale attacks and minimize potential consequences.

Image credit: photos from / Shutterstock.com

Share This Article
Leave a comment