Meet SpamGPT and MatrixPDF, AI Toolkits Driving Malware Attacks


A recently observed trend in cybercrime is the demand for user-friendly, plug-and-play tools that make it easier for people with little technical know-how to launch major attacks. Two such dangerous platforms have been reported by the end-to-end data security provider Varonis, which shared its findings with Hackread.com.

MatrixPDF

One of the new tools, called MatrixPDF, takes an ordinary PDF (Portable Document Format) file and transforms it into a malicious one, in this case fully functioning malware. As we know, PDF files are generally more trusted and can easily evade normal email security checks, like those in Gmail.

MatrixPDF lets attackers add malicious features to a legitimate PDF file, such as blurry content overlays and fake prompts that say “Open Secure Document.”

MatrixPDF builder and Malicious PDF with blurred content (Image credit: Varonis)

When a victim opens the file and clicks the prompt, the harmless-looking document can start stealing sensitive data like login details or installing a harmful payload. This occurs because the file contains small scripts and an external link, a combination that bypasses initial email scans.

In other scenarios, the document may use scripts to automatically connect to a malicious site when opened in a desktop reader, relying on the user to carelessly click “Allow” on a security pop-up to begin a download.
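A defender-side triage of the indicators just described (embedded script, an action that runs on open, an external link), as an added example that is not from Varonis or the original article: it scans raw PDF bytes for the corresponding PDF name objects and decodes `#xx` name escapes. The sample bytes and the flag rule are constructed for illustration, and names inside compressed object streams are not seen by this scan.

```python
import re
from collections import Counter

# PDF name objects matching the behaviours described above.
SCRIPT = {b"/JS", b"/JavaScript"}    # embedded script
TRIGGER = {b"/OpenAction", b"/AA"}   # actions that fire on open or other events
LINK = {b"/URI"}                     # external link action

NAME_RE = re.compile(rb"/[^\x00\t\n\f\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
URL_RE = re.compile(rb"https?://[^\s()<>]+")

def pdf_names(raw: bytes):
    """Yield every name token, decoding #xx escapes (/J#53 is /JS)."""
    for m in NAME_RE.finditer(raw):
        yield HEX_RE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group())

def triage(raw: bytes) -> dict:
    """Count watched names, list URLs, flag script plus trigger or link."""
    watched = SCRIPT | TRIGGER | LINK
    hits = Counter(n for n in pdf_names(raw) if n in watched)
    has = lambda group: any(hits[n] for n in group)
    return {
        "names": {n.decode(): c for n, c in sorted(hits.items())},
        "urls": sorted({u.decode("latin-1") for u in URL_RE.findall(raw)}),
        "flag": has(SCRIPT) and (has(TRIGGER) or has(LINK)),
    }

# Constructed sample: open action, script with an escaped /JS name, link.
SUSPECT = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
4 0 obj << /S /JavaScript /J#53 (placeholder_script) >> endobj
5 0 obj << /Type /Annot /Subtype /Link
  /A << /S /URI /URI (https://example.invalid/doc) >> >> endobj
%%EOF"""

# Constructed sample: an ordinary document with one hyperlink and no script.
BENIGN = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
5 0 obj << /A << /S /URI /URI (https://example.org/) >> >> endobj
%%EOF"""

if __name__ == "__main__":
    for label, doc in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(doc))
```

A flag here means the attachment deserves sandbox analysis, not that it is malicious; plain hyperlinks alone do not trigger it.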

SpamGPT

Varonis researchers identified another tool, SpamGPT, which is marketed as an all-in-one spam-as-a-service platform. This system uses AI (Artificial Intelligence), specifically an AI assistant dubbed ‘KaliGPT,’ to make mass email campaigns extremely effective.

This platform lets even newbie attackers quickly set up and run large phishing campaigns using its AI assistant to write effective scam emails. It copies the look and feel of professional marketing dashboards, allowing operators to manage campaigns, track results, and check if an email lands in the inbox or the spam folder.

SpamGPT’s AI-powered dashboard and SpamGPT’s official advertisement (Image credit: Varonis)

More importantly, this toolkit doesn’t just send bulk email; it is fine-tuned for deliverability by abusing trusted cloud services like Amazon AWS to appear as legitimate mail.

It also automates “inbox placement tests” to see if messages bypass filters before launching the attack, researchers explained. Additionally, the platform provides training on how to acquire compromised email servers and supports the spoofing of sender identities, lowering the technical barrier for criminals to run large-scale operations.

It is worth noting that while malicious alternatives to ChatGPT, like FraudGPT and WormGPT, are already out there, the emergence of these platforms signals a new era of risk. Varonis researcher Daniel Kelley points out that “these powerful next-gen plug-and-play tools require little know-how and become especially potent when combined.”

These findings may redefine online security, making AI-powered email security solutions a necessity, as these inspect links for bad intent and use a safe, virtual environment (a cloud sandbox) to find hidden malicious actions. To stay safe, never click “Open Secure Document” in an unexpected file preview, and always enable multi-factor authentication.






About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.