'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web

The developer behind the FraudGPT malicious chatbot is readying even more sophisticated adversarial tools based on generative AI and Google's Bard technology — one of which will leverage a large language model (LLM) that uses as its knowledge base the entirety of the Dark Web itself. 

An ethical hacker who already had discovered another AI-based hacker tool, WormGPT, tipped off the researchers that the FraudGPT inventor — known on hacker forums as "CanadianKingpin12" — has more AI-based malicious chatbots in the works, according to SlashNext.

The forthcoming bots — dubbed DarkBART and DarkBERT — will arm threat actors with ChatGPT-like AI capabilities that go much further than existing cybercriminal genAI offerings, according to SlashNext. In a blog post published Aug. 1, the firm warned that the AIs will potentially lower the barrier of entry for would-be cybercriminals to develop sophisticated business email compromise (BEC) phishing campaigns, find and exploit zero-day vulnerabilities, probe for critical infrastructure weaknesses, create and distribute malware, and much more.

"The rapid progression from WormGPT to FraudGPT and now 'DarkBERT' in under a month underscores the significant influence of malicious AI on the cybersecurity and cybercrime landscape," SlashNext researcher Daniel Kelley wrote in the post..

DarkBART & DarkBERT: A New AI Generation

In terms of functionality, DarkBART will be a dark version of the Google BART AI, and the hackers said it will be based on a large language model (LLM) known as DarkBERT, which was created by South Korean data-intelligence firm S2W with the goal of actually fighting cybercrime. It's currently limited to academic researchers, which would make malicious access to it notable.

"The threat actor … claims to have gained access to DarkBERT," Kelley said, adding that when contacted via Telegram, CanadianKingpin12 shared a video demonstrating that his version of DarkBERT "underwent specialized training on a vast corpus of text from the Dark Web," Kelley wrote.

The malicious developer also claims his new bot ... can be integrated with Google Lens," Kelley added. "This integration enables the ability to send text accompanied by images." That's notable given that so far, ChatGPT-like offerings have been text-only.

The second adversarial tool, confusingly also named DarkBERT (but wholly separate from the Korean AI), will go even further by using the entire Dark Web as its LLM, giving threat actors access to the hive mind of the hacker underground for carrying out cyber threats. It will also have Google Lens integration, CanadianKingpin12 claims.

Rapidly Evolving Dark Web Generative AI

Kelley noted that the developers of adversarial AI tools, like their more benevolent counterparts, likely will soon offer application programming interface (API) access to the chatbots, which will allow for more seamless integration into cybercriminals' workflows and code and lower the barriers to entry for the cybercrime game. 

"Such progress raises significant concerns about potential consequences, as the use cases for this type of technology will likely become increasingly intricate," Kelley wrote.

This rapid progression also means that defense against the threats will require a proactive approach. In addition to typical training provided to enterprise employees to identify phishing attacks, organizations also should provide BEC-specific training to educate employees on the nature of these attacks and the role of AI, the researchers said. Moreover, enterprises also should enhance email verification measures to combat AI-driven threats, adding strict process and keyword-flagging to measures already in place. 

"As cyber threats evolve, cybersecurity strategies must continually adapt to counter emerging threats," Kelley wrote. "A proactive and educated approach will be our most potent weapon against AI-driven cybercrime."