
Meet the Team Behind the Malware-Friendly AI Chat Service ‘WormGPT’ – Krebs on Security


WormGPT, a private chatbot service known for its uncensored and unrestricted approach to artificial intelligence (AI), is now implementing its own set of limitations on how the service can be used. Created by a 23-year-old Portuguese programmer and initially sold exclusively on HackForums, WormGPT was designed to enable users to engage in cybercrime activities, such as creating ransomware and phishing scams, without the usual restrictions imposed by other large language models (LLMs) like ChatGPT and Google Bard.

The large language models developed by OpenAI, Google, and Microsoft have built-in safety measures to prevent their misuse for malicious purposes, such as the creation of malware or hate speech. However, WormGPT took a different route, positioning itself as an uncensored LLM specifically tailored for cybercriminal activities. The service was advertised on HackForums as a tool that allows anyone to engage in illegal activities and easily sell their creations online.

In July, cybersecurity firm SlashNext analyzed WormGPT and requested the creation of a “business email compromise” (BEC) phishing lure to test its capabilities. The results were concerning, as WormGPT generated an email that was not only persuasive but also strategically cunning, demonstrating its potential for sophisticated phishing and BEC attacks.

Further investigation into the creator’s posts on HackForums revealed a history of creating and using malicious software. The individual selling WormGPT, who uses the handle “Last,” advertised other cybercriminal tools and services on the forum, indicating extensive experience in this field.

Last’s posts also revealed his original username, “ruiunashackers,” which led to a TikTok account associated with an Instagram account belonging to a Rafael Morais from Portugal. Morais confirmed his involvement with WormGPT and stated that only 30-35% of the work on the project was his, with other coders contributing as well. He claimed that WormGPT currently has around 200 paying customers and emphasized that he maintains the service to help the community rather than for monetary gain.

While WormGPT gained attention for its approach to enabling cybercrime activities, it is not the only AI model targeting cybercriminals. SlashNext identified a trend on cybercrime forums where users offer “jailbreaks” for interfaces like ChatGPT. These tailored prompts manipulate the AI model to generate outputs involving sensitive information, inappropriate content, or even harmful code.

Morais revealed that WormGPT uses the GPT-J 6B model and highlighted the size of the dataset that powers the service. He attributed his interest in coding and security to his experiences starting at a young age and his desire to turn away from blackhat activities and transition to whitehat endeavors.

In response to criticism and negative media coverage, WormGPT has attempted to clarify its position by stating that it is an uncensored AI rather than a malicious LLM. The service has imposed some restrictions, such as prohibiting discussions related to subjects like murder, drug trafficking, kidnapping, child pornography, ransomware, and financial crimes. However, Last confirmed on forums that WormGPT still has the capability to create malware that remains undetectable by most major antivirus software.

Despite the controversy surrounding WormGPT, Morais listed several legitimate or “white hat” uses for the service, including fixing website issues, addressing potential SQL problems, and providing reliable code, unlimited character count, and quick, accurate answers.

As WormGPT adapts to its users’ demands and the growing concerns about its potential for misuse, the service continues to evolve within the boundaries it sets for itself.
