Malware & Phishing Awareness Tool (MPATool)
What is it About?
My project is focused on the increasingly relevant topic of General Purpose AI (GPAI) and Large Language Model (LLM) based social engineering attacks.
The goal is to show employees within corporate environments and students within educational environments the ease at which fake news and phishing material can be generated using GPAI.
The tool runs users through a prompt wizard designed to either generate a false news article relating to the user's inputs, or to generate a phishing email attempting to persuade the recipient to visit a malicious website - or download and run a mailcious file.
If the user/establishment wishes, they can avail of the web scraping functionality to format and influence the appearance of the LLM's output.
Through my research I have compared and contrasted a large variety of easily accessible Large Language Models that a threat actor would be most likely to use.
This research yielded the finding that Meta's Llama 3 was the most willing to generate malicious content.
This finding was particularly worrying as Llama 3 is freely accessible via Meta, and local-hosting services such as Ollama.
I have utilised the "Big 5" OCEAN personality model in order to allow training to be specified towards the stuent/employee.
Shown is a ficticious article claiming to come from Google. Less technologically aware users may be swayed by such an article that is clearly false to others.