From ChatGPT to GhostGPT: dark side of generative AI in cybercrime
GhostGPT is an uncensored generative AI chatbot that cybercriminals are using to create malware and phishing scams
Generative AI, which marks the future of artificial intelligence (AI), is unfortunately becoming an unprecedented threat to cybersecurity. The primary reason for this is the emergence of GhostGPT, a generative AI tool specifically designed for criminal activity.
The malicious chatbot was developed in late 2024 and empowers cybercrime activity by creating malware, crafting phishing emails, BEC scams and more. With its advanced offensive capabilities, even low-skilled criminals can pose bigger cybersecurity threats.
What is GhostGPT?
In simple words, this is a tool built for crime. Unlike mainstream AI models, such as ChatGPT, which are restricted by ethical safeguards, GhostGPT operates without any restrictions. Security analysts consider it either a jailbroken large language model (LLM) or an open-source AI stripped of safety protocols. This enables it to generate:
- Personalized phishing emails that mimic corporate tones and individual writing styles
- Realistic fake login pages to steal credentials
- Polymorphic malware that evolves to evade detection
- Step-by-step guides for attackers to manipulate vulnerabilities
GhostGPT also doesn’t log interactions, making attribution nearly impossible and giving cybercriminals a dangerous layer of anonymity.
Supercharging phishing and malware
Phishing is the top cyber threat, with 84% of UK businesses affected by it in 2024 alone. GhostGPT aggravates this by producing highly convincing scams in seconds with minimal effort.
In addition, the tool also lowers barriers to sophisticated attacks. Previously, it took expertise and time to create polymorphic malware. However, novice hackers can now generate malicious code with the help of simple prompts.
A 2023 IBM study confirmed that LLMs are capable of producing functional malware with minimal input.
Future of cybercrime
While GhostGPT poses a severe challenge, its risks can be mitigated by regular patching, multi-factor authentication (MFA), and advanced employee training.
In addition, endpoint detection and response (EDR) and extended detection and response (XDR) can be deployed to identify anomalies. Threat intelligence can also be used for real-time monitoring of emerging attack methods.