Full Report
Researchers from Abnormal Security discovered an advert for the chatbot on a cybercrime forum and tested its capabilities by asking it to create a DocuSign phishing email.
Analysis Summary
# Tool/Technique: GhostGPT
## Overview
GhostGPT is a newly discovered malicious chatbot advertised on cybercrime forums, designed to generate materials for illegal activities, including malware generation, exploit development, and sophisticated Business Email Compromise (BEC) scams. It functions by likely using a wrapper to connect to an intentionally "jailbroken" version of a foundational Large Language Model (LLM) like OpenAI's ChatGPT, allowing it to bypass typical safety guardrails.
## Technical Details
- Type: Tool (Malicious AI Chatbot)
- Platform: Accessible via the encrypted messenger app Telegram; operates without requiring suspicious software installation on the user's device.
- Capabilities: Generating malware, writing convincing BEC emails, exploit development, coding assistance for illicit purposes.
- First Seen: Recently discovered and advertised on cybercrime forums (Date not specified, but context suggests post-2023 activity).
## MITRE ATT&CK Mapping
As an offensive preparatory tool used to assist in the planning and creation phases of an attack, its primary mappings relate to the creation of artifacts:
- TA0001 - Initial Access
- T1566 - Phishing
- T1566.001 - Spearphishing Attachment (Used to generate phishing content)
- TA0002 - Execution
- T1059 - Command and Scripting Interpreter (Used to generate scripts/code/malware)
- TA0005 - Defense Evasion
- T1027 - Obfuscated Files or Information (Used to generate obfuscated code or convincing pretext)
## Functionality
### Core Capabilities
- **Malware Generation and Coding:** Assisting attackers in developing malicious code and writing exploits.
- **BEC Scam Content Creation:** Generating highly convincing email templates for BEC attacks, including placeholders for malicious information (e.g., "Fake Support Number").
- **Fast Processing:** Advertised for rapid attack campaign execution.
### Advanced Features
- **Anonymity Focus:** Advertises that user activity is not logged, appealing to privacy-conscious criminals.
- **Ease of Access:** Accessible directly through Telegram, removing the need for users to craft complex jailbreak prompts or set up local open-source LLMs.
- **Illicit Focus:** Operates stripped of standard LLM safety restrictions, making it dedicated to criminal use cases.
## Indicators of Compromise
As this is a malicious *service* rather than traditional malware, the primary indicators relate to the service itself and the outputs it generates:
- File Hashes: N/A (Service-based tool)
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: Access provided via the Telegram platform.
- Behavioral Indicators: Generation of phishing emails, requests for malware code, or exploit payloads. Reports indicate AI-generated emails (some potentially from tools like GhostGPT) show an increase in BEC attacks.
## Associated Threat Actors
Threat actors interested in rapidly developing malicious payloads, BEC content, and those valuing ease of access and non-logging capabilities. The tool appears to target a broad criminal base aware of LLMs, including those focused on ransomware and email fraud.
## Detection Methods
Detection focuses on the *usage* and *output* of the tool rather than signature detection of a static binary:
- Signature-based detection: Not applicable for the web service itself.
- Behavioral detection: Monitoring internal enterprise communications for highly polished, rapidly generated BEC emails, especially those exhibiting minor grammatical inconsistencies or unusual urgency associated with AI generation. Monitoring internal developer environments for requests to compile potentially malicious code snippets derived from LLM interactions.
- YARA rules: Not applicable.
## Mitigation Strategies
- Prevention measures: Monitoring employee interactions with known malicious LLMs or suspicious third-party AI services if accessed via corporate proxies.
- Hardening recommendations: Implementing robust email gateway filtering that specifically flags content matching characteristics of AI-generated BEC templates, even if grammar is perfect. Educating users that AI-generated phishing emails are a growing threat vector.
## Related Tools/Techniques
GhostGPT belongs to a class of jailbroken or privately trained malicious LLMs that emerged following the popularization of models like ChatGPT:
- WormGPT
- WolfGPT
- EscapeGPT
- FraudGPT (A prominent predecessor discussed publicly)
- DarkBard
- Dark Gemini