
Woburn, MA – September 29, 2023 – Kaspersky Digital Footprint Intelligence experts have uncovered a series of websites on the shadow internet that appear to be selling fake access to the malicious AI tool WormGPT. These sites have phishing-like characteristics, including varying designs, pricing, and payment currencies, and some require upfront payment for access to a trial version. This trend, while not an immediate threat to users, underscores the rising popularity of black-hat alternatives to GPT models and emphasizes the need for robust cybersecurity solutions.

The cybercriminal community has started leveraging AI capabilities to aid in its nefarious business, and the darknet currently provides a range of language models specifically designed for hacking purposes such as BEC (business email compromise), malware creation, phishing attacks, and beyond. One such model is WormGPT, a nefarious version of ChatGPT which, unlike its legitimate counterpart, lacks specific limitations, making it an effective tool for cybercriminals looking to carry out attacks such as business email compromise.

Phishers and scammers often exploit the popularity of certain products and brands, and WormGPT is no exception. On darknet forums and in illicit Telegram channels, Kaspersky experts have found websites and ads, which appear to be phishing sites, offering cybercriminals fake access to the malicious AI tool.

These websites differ significantly in several ways and are designed as typical phishing pages. They have different designs and pricing. Payment methods also vary, ranging from cryptocurrencies, as originally proposed by the author of WormGPT, to credit cards and bank transfers. Some of the pages advertise a trial version, but access is only granted after payment.

“In the dark web, it is impossible to distinguish malicious resources with absolute certainty,” said Alisa Kulishenko, digital footprint analyst at Kaspersky. “However, there are many indirect pieces of evidence that suggest that the discovered websites are indeed phishing pages. It is a well-known fact that cybercriminals often deceive each other. However, recent phishing attempts may indicate the level of popularity of these malicious AI tools within the cybercriminal community. These models, to some extent, facilitate the automation of attacks, thereby emphasizing the increasing importance of trusted cybersecurity solutions.”

To avoid threats related to cybercriminal activities in the shadow segment of the internet, it is worth implementing the following security measures:

· Use Kaspersky Digital Footprint Intelligence to help security analysts explore an adversary’s view of their company resources and promptly discover the potential attack vectors available to them. This also helps raise awareness about existing threats from cybercriminals in order to adjust your defenses accordingly or take timely counter and elimination measures.

· Choose a reliable endpoint security solution such as Kaspersky Endpoint Security for Business that is equipped with behavior-based detection and anomaly control capabilities for effective protection against known and unknown threats.

· Dedicated services can help combat high-profile attacks. The Kaspersky Managed Detection and Response service can help identify and stop intrusions in their early stages, before the perpetrators achieve their goals. If you encounter an incident, the Kaspersky Incident Response service will help you respond and minimize the consequences, for instance by identifying compromised nodes and protecting the infrastructure from similar attacks in the future.


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at


WormGPT-mimicking phishing scams surface on the Darknet
