Threat Actor Claims Leak of Cybercrime-Focused AI Platform WormGPT Database

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

WormGPT Database Leak

A threat actor operating under the alias Sythe has claimed responsibility for leaking the complete database of WormGPT, a notorious cybercrime-focused artificial intelligence platform that has been sold on dark web forums since 2023.

Hackmanac observed that the alleged breach reportedly exposed sensitive information linked to more than 19,000 users, including email addresses, user IDs, and subscription and billing metadata.

WormGPT is a malicious AI tool built on GPT-J, a language model developed in 2021, and is specifically designed to operate without the ethical boundaries and content restrictions found in legitimate AI platforms like ChatGPT.

The platform has been trained on malware-related datasets and offers features including unlimited character support, chat memory retention, and code formatting capabilities.

Unlike mainstream AI tools that implement strict content filters, WormGPT was explicitly created for cybercriminal activities. The platform has been advertised on underground hacking forums since June 2023, offering subscription-based access through the dark web.

Users could select from different AI models tailored for general or specialized malicious uses, with advanced features like context memory for ongoing conversations and code formatting tools.

Capabilities and Threats

WormGPT has demonstrated alarming capabilities that pose significant cybersecurity risks. The platform excels at generating highly convincing phishing emails that can trick victims into revealing sensitive information or downloading malware.

Security researchers who tested the tool found it produced emails that were “remarkably persuasive” and “strategically cunning,” showcasing its potential for sophisticated business email compromise (BEC) attacks.

Beyond phishing, WormGPT can generate malicious code, including ransomware scripts, spyware, and exploit code for SQL injection, cross-site scripting, and buffer overflow vulnerabilities.

The platform can also create deceptive web forms, obfuscate malicious code, and provide multilingual social engineering support, expanding the reach of cybercriminal operations without requiring advanced technical skills or language proficiency.

The leaked database containing information from over 19,000 users represents a significant development in the cybercrime ecosystem.

The exposure of email addresses, user IDs, and billing metadata could provide law enforcement agencies with valuable intelligence about individuals engaged in cybercriminal activities. However, it also raises concerns about potential retaliatory attacks or further exploitation of the exposed information.

Former black hat hacker Daniel Kelley, who analyzed WormGPT in 2023, warned that the tool enables even novice cybercriminals to launch sophisticated attacks swiftly and at scale without requiring extensive technical expertise.

The platform’s ability to automate and accelerate cybercrime represents a concerning evolution in the threat landscape, demonstrating how generative AI technology can be weaponized for malicious purposes.

As cybersecurity professionals continue to monitor the fallout from this alleged breach, organizations are advised to remain vigilant against AI-powered phishing attempts and social engineering attacks that may have been facilitated by platforms such as WormGPT.
