So far in our comprehensive guide to passkeys, we’ve covered how to ditch passwords on popular combinations of Android, iOS, macOS, and Windows smartphones and computers. This post focuses on important specific cases:

• One-time sign-ins to your account from someone else’s device
• Tips for frequent computer and smartphone switchers
• Ways to secure your account when backup password sign-in is enabled
• Potential issues when traveling internationally
• What happens when using niche browsers and operating systems

How to use passkeys on public or shared computers?

What if you need to sign in to your passkey-protected account from a library, an airport computer, or a relative’s home? Don’t rush to remember your backup password.

Start the sign-in process on the computer: enter your username and, if prompted, click Sign in with passkey. A QR code will appear on the screen for you to scan with the smartphone that stores your passkey. If the scan is successful, the QR code will disappear, and you’ll be signed in to your account.

Several factors must align for this seemingly simple process to proceed smoothly:

• The computer must support Bluetooth Low Energy (BLE), which verifies that your smartphone and the computer are indeed nearby.
• The computer’s operating system and browser must support passkeys.
• Both the computer and your smartphone need a reliable internet connection.

How to save passkeys to a hardware security key?

You might find using passkeys via QR codes inconvenient if you frequently access your accounts from different devices. If that’s the case, you can store your passkeys not on your computer or smartphone, but on a USB hardware security key — such as a YubiKey, Google Titan Security Key, or a similar device — for secure website sign-in. When you create a passkey, just choose to save it to your hardware key. Then you can sign in to your account from any computer or smartphone by plugging in that security token.

Just make sure it has the right combination of ports (USB-A, USB-C, Lightning) or NFC support to work with all your devices. Some token models even include a fingerprint scanner, which provides an extra layer of protection against account hijacking if your device is stolen or lost.

Unfortunately, there’s a catch: many older and popular token models can store a maximum of only 25 passkeys. Only a few advanced models — like the YubiKey with firmware version 5.7 — have raised this limit to 100.

Additionally, operating system developers view passkeys as a great opportunity to tie users more closely to their ecosystems. By default, depending on your smartphone, you’ll likely be prompted to save your passkey to either iCloud Keychain or Google Password Manager. As a result, the option to use a hardware security key might be hidden deep within the interface.

To create a passkey on a hardware token, you’ll often need to click the not-so-obvious Other options link on macOS/iOS, or Different device on Android, to select the hardware key option.

How to transfer passkeys between iOS and Android?

The biggest headache right now is if you store all your passkeys in your smartphone’s default storage and you want to switch ecosystems — moving from Android to iOS or vice versa. Currently, none of the three major OS developers — Google, Apple, or Microsoft — let you directly transfer passkeys. That’s because no one can guarantee the process will be secure. Both Apple and Google are working on implementing this feature in the future, but if you decide to swap devices today — say, from an iPhone to a Google Pixel — transferring your passkeys won’t be straightforward.

• First, you’ll need to sign in to the account protected by a passkey on your new device. You can do this either by using your good old password (if it’s still enabled), or by scanning a QR code with your old device that has the active passkey.
• Next, you’ll need to create and save a new passkey on your new device. Yes, you can have multiple passkeys for each website or online service.
• Finally, if you plan to get rid of your old gadget, you’ll need to delete the old passkey from it.

To avoid this hassle, it’s best to use a third-party password and passkey manager right from the get-go. With Kaspersky Password Manager, passkey support is already available on Windows, with Android support planned for July, and iOS and macOS support — for August 2025.

How to protect an account with a passkey from being hacked using a backup password?

Most online services that offer to switch to passkeys don’t disable other sign-in methods. If your account was protected by a weak or compromised password before you switched to a passkey, cybercriminals can still bypass your shiny new passkey by simply signing in with that old password.

Creating a passkey for an account that still has a weak password is like installing a bulletproof front door while leaving the flimsy back door unlocked with the key hidden under the mat.

That’s why, before you enable passkeys for any online service, we strongly recommend changing your password as well. Since you won’t be typing this password every day — it’s just a backup for your passkey-protected account — you can really go wild with its complexity. We’re talking strong passwords that are 16 characters or longer, and mixing up letters, numbers, and special characters. These are practically uncrackable. Ideally, generate and save that robust password in the same password manager where you’re planning to store your passkeys. Don’t rely on AI models to generate complex passwords. Our recent research revealed that while these passwords might look complex, LLMs tend to favor certain characters for no obvious reason when creating passwords, which makes their output surprisingly predictable.

Passkey drawbacks?

The underlying WebAuthn standard that powers passkeys can be implemented quite differently across browsers and operating systems. Websites often adopt these capabilities in their own unique ways. This can lead to frustrating challenges — even for tech-savvy users. Here are a few examples of this:

• When creating passkeys, standard Windows prompts give you plenty of options for where and how to save them. By default, Windows saves passkeys in secure local storage on your computer. If you forget to select your password manager as the save location, that passkey won’t be available on your other devices.
• Many online services like Kayak or AliExpress have dozens of regional versions, with each one being a separate website: .com, .com.tr, .co.uk, etc. If you create a passkey for, say, your local site, and then for some reason try to access the same online service in a different region, it’s highly likely you won’t be able to sign in with that passkey.
• Some websites don’t support creating or signing in with passkeys when using Firefox, regardless of the platform. In reality, there’s no technical incompatibility here, and simple tricks can resolve the issue, but it’s unclear why users should have to resort to these workarounds.
• Some Apple users have reported that all their previously saved passkeys periodically disappear from their Keychain, while certain Android users can’t activate passkeys without re-flashing or factory-resetting their devices.

Any one of these situations is made worse by the fact that errors when creating or signing in with passkeys are either not mentioned at all in help documentation, or described very vaguely. It’s often completely unclear how to fix the problem. However, when passkey issues arise, websites almost always offer a backup option, such as sending a one-time access code to your email.

Despite these challenges, a passwordless future with passkeys is on the horizon. We recommend getting ready now by creating passkeys wherever possible, saving them in your password manager, and remembering to check and update your passwords and contact information on websites to make sure you can recover access if your passkeys ever give you trouble.

Want to read more about passwords and passkeys?

• 16 billion passwords leaked: what should I do?
• Lessons learned from the trojanized KeePass incident
• Kaspersky Password Manager gets a new look
• Passkeys for your Google account: what, where, how, and why
• Password standards: 2024 requirements

Kaspersky official blog – ​Read More

Digitalization of business – especially in the small and medium-sized segment – allows for quick upscaling, better customer service, and entry into new markets. On the downside, digitalization amplifies the damage caused by a cyberattack, and complicates the recovery process. Given that company resources are always limited, which attacks should be deflected first?

To answer this question, we studied the INTERPOL Africa Cyberthreat Assessment Report 2025. The document is useful because it collates police cybercrime statistics and data from information security companies – including Kaspersky – allowing us to compare the number and types of attacks with the actual damage they caused. This data can be used to build a company’s information security strategy.

Average ranking of cybercrime types by reported financial impact across African subregions, based on INTERPOL member country data. Source

Targeted online fraud

Fraudulent operations were the clear leader in terms of damage caused across the continent. They’re gaining momentum in line with the rising popularity of mobile banking, digital commerce, and social media. In addition to mass phishing aimed at personal and payment data theft, targeted attacks are growing at a rapid rate. Scammers are grooming potential victims in messenger apps for months, building trust and guiding them into a money extortion scheme – for example, a fake cryptocurrency investment. Such schemes often exploit romantic relationships and are therefore called romance scams, but there are other variations. In Nigeria and Ivory Coast, for example, scammers were arrested for attacking small media platforms and advertising agencies. Posing as advertisers, they stole almost 1.5 million U.S. dollars from victims.

The fact that 93% of Africans use plain old WhatsApp rather than corporate communication tools for work significantly boosts the success rate of attacks on employees and company owners.

Ransomware incidents

Press headlines may give the impression that ransomware operators mainly target large organizations, but the statistics in the report debunk this theory – showing that both the number of attacks and the actual financial damage caused are significant across all business segments. What’s more, there’s a direct link between the level of digitalization and the number of attacks. So, if a company observes an overall increase in “digitized” business activity in its market segment, the threat level is sure to rise accordingly. In Africa, “affiliates” of the largest and most dangerous ransomware-as-a-service platforms – such as LockBit and Hunters International – are responsible for major incidents on a national scale.

Among the main ransomware incidents in Africa – hardly known about outside the continent – we highlight the following: the theft of $7 million from Nigerian fintech company Flutterwave; attacks on Cameroonian electricity supplier ENEO; a large-scale ransomware attack to exfiltrate data from Telecom Namibia; and the targeting of South Africa’s National Health Laboratory Service (NHLS), which led to canceled operations and the loss of millions of lab test results.

Banking Trojans and infostealers

Although the direct losses from banking Trojans and infostealers fell outside the top-three in terms of damage, it’s the “successes” of this criminal industry that have a direct impact on the number and severity of other attacks – primarily ransomware and business email compromise (BEC). After stealing what credentials they can from thousands of users with infostealers, attackers filter and group them by various criteria, then sell curated sets of accounts on the illicit market. This allows other criminals to buy passwords to infiltrate organizations of interest to them.

Business email compromise

For small and medium businesses mainly using public services like Gmail or Office 365, infection with an infostealer gives attackers full access to corporate correspondence and business operations. The attackers can then exploit this to trick customers and counterparties into paying for goods and services to a fraudulent account. BEC attacks have a firm hold at the top of the damage charts, and small businesses can fall victim to them in two ways. First, cybercriminals can extract money from larger clients or partners by impersonating the compromised small business. Second, it’s easier with a small business to persuade the owner or accountant to transfer money than it is with a large organization.

There are several large criminal syndicates based in Africa that are responsible for international BEC operations causing multi-billion-dollar damage. Their targets also include African organizations — primarily those in the financial and international trade sectors.

How to protect business from cyberthreats

To effectively counter digital threats, law enforcement agencies need to share data with commercial information security companies that harness telemetry to identify threat distribution hotspots. Recent successes of such partnerships include operations Serengeti (1000 arrests, 134 000 malicious online resources disabled), Red Card (300 arrests), and Secure (32 arrests, 20 000 malicious resources disabled). These operations, conducted under the auspices of INTERPOL, used cyberthreat intelligence received from partners – including Kaspersky.

But businesses can’t leave cybersecurity solely to the police; they need to implement simple but effective security measures of their own:

• Enable phishing-resistant multi-factor authentication (MFA) for all online accounts: Google, Microsoft, WhatsApp, etc.
• Install reliable anti-malware protection on all corporate and personal devices. For corporate devices, centralized security management is recommended – as implemented, for example, in Kaspersky Endpoint Detection and Response.
• Hold regular cybersecurity training – for example, using our Kaspersky Automated Security Awareness platform. This will reduce the risk of your company falling victim to BEC and phishing. All employees, including management, should participate in training regularly.
• Back up all company data on a regular basis and in such a way that the backups can’t be destroyed during an attack. This means backing up data either to media that are physically disconnected from the network, or to cloud storage where a policy prohibits data deletion.

Kaspersky official blog – ​Read More

Imagine ditching passwords and SMS verification codes, and instead signing in to apps and websites with a simple fingerprint scan or even a smile at your camera. That’s the promise of passkeys. What’s more, unlike passwords, passkeys are resistant to theft. This means you could read news about data breaches — like the recent one affecting 16 billion accounts — without your heart sinking.

Under various names, this sign-in method is strongly recommended by WhatsApp, Xbox, Microsoft 365, YouTube, and dozens of other popular online services. But what does using passkeys look like in practice? We’ve covered this in detail for Google accounts, and today, we’ll explore how other online services and platforms support passkeys. In this first post, we’ll cover the basics of using passkeys on one or multiple devices. In our next post, we’ll dive into more complex scenarios, such as signing in to your account on a public computer, using Linux, or storing your passkeys on a dongle.

What’s a passkey?

A passkey is a unique digital login key created for a specific website or app. It’s securely stored on your device: your smartphone, computer, or a dedicated USB dongle such as a YubiKey or Google Titan Security Key. When you sign in, your device uses biometrics or a PIN to verify it’s really you. After verification, your device sends a secure response, generated from that unique passkey, to the website. This mechanism offers strong protection against account theft, which is possible with traditional passwords — be that through phishing attacks or website breaches. Passkeys are supported across Apple, Google, and Microsoft devices, and theoretically, with cloud synchronization, they should be accessible across all your devices. For a deeper dive into the internal workings of passkeys, check out our previous article on the subject.

How secure and user-friendly are passkeys?

Before you fully commit to using passkeys, it’s worth considering how convenient they’d be for your specific setup. While the technology is becoming widely adoption, each website and platform implements it differently, using varying terminology for the same features. Additionally, transferring or syncing passkeys can present challenges.

If your smartphone is your only gadget, you are all-in on Apple devices, or you have a couple of recent Android or ChromeOS devices, passkeys will likely save you time when signing in to websites and apps, with minimal hassle.

However, if you use multiple platforms and own many devices, we strongly recommend a third-party password and passkey manager, such as Kaspersky Password Manager, for a smoother experience. Even then, you might still encounter occasional incompatibilities or quirky interfaces on some sites and apps.

For those using less common browsers, Linux-based operating systems, or older computers and smartphones, switching to passkeys might be entirely impracticable, or come with significant limitations.

Keep in mind that very few, if any, services deactivate password-based sign-in when you enable a passkey. This means that, in reality, the enhanced protection against account compromise isn’t as strong as advertised — unless you proactively disable password sign-in yourself. On the flip side, having a password as a backup sign-in method minimizes instances where you might lose access to your account due to passkey issues — but we’ll get into more detail about that later.

Where passkeys are supported in 2025?

Passkeys can be used across major operating systems and browsers, and you don’t necessarily need the absolute latest versions.

• Windows 11: supported from version 22H2 onward, though also partially usable on Windows 10 with updates.
• macOS: supported from Ventura onward.
• iOS/iPadOS: supported from version 16 onward.
• Android: passkeys are usable from version 9, but crucial additional settings — including integration with external password managers and passkey providers — only became available in version 14.
• Linux: most major distributions lack native passkey support; however, you can still use the technology by leveraging Chrome, Edge, or Firefox browsers in conjunction with an external password manager or a USB token. We’ll dive deeper into how to use passkeys on Linux in our second post on the topic.
• Chrome/Edge/Opera: basic passkey capabilities have been around since Chromium version 108, but some conveniences and important features only appeared starting with version 128.
• Firefox: supported from version 122 onward. Despite the browser support, passkeys often don’t work on many websites specifically with Firefox.
• Safari: supported from version 16 onward, with certain features only available in version 18 or later.

For you to use a passkey, the website or application you’re signing in to must also support the technology. Hundreds already do, so we’ll just mention some of the major players.

• Microsoft: passkeys are supported for all personal Microsoft and Xbox accounts. Starting in spring 2025, when creating a new account, the primary option offered is to create a passkey rather than setting a password.
• iCloud: passkey sign-in is supported for iCloud, but the passkey itself must be stored on an Apple device.
• Google: passkeys are supported for all personal Google accounts, including YouTube.
• Meta: supports passkeys for signing in to Facebook and WhatsApp.
• You can also ditch passwords in favor of passkeys on X/Twitter, LinkedIn, Amazon, PayPal, TikTok, Yahoo, Discord, Adobe Creative Cloud, GitHub, and more.

Popular services that don’t currently support passkeys notably include ChatGPT, Claude, DeepSeek, Reddit, Spotify, Instagram, AliExpress, Temu, and Shein.

What are the downsides of passkeys?

When considering the switch to passkeys and deciding how to store them, there are a few important drawbacks to keep in mind. The first two are unlikely to ever be fully resolved, while others may become less significant over time.

• Anyone who can unlock your device (by knowing your PIN or looking enough like you to bypass Face ID) can potentially access all your accounts. This is especially critical for shared household computers.
• If your passkeys are stored on a single device, and that device is damaged or stolen, you could lose access to your accounts. If you haven’t set up alternative sign-in methods, like a password or a backup email or phone number, you’ll have to go through an account recovery process. For some online services, this could take days or even weeks. And if you’ve set up passkey-only sign-in for your primary email, which receives recovery codes for other services, you could potentially lose your accounts forever.
• Users with multiple devices running various operating systems or using different browsers might encounter difficulties syncing their passkeys. More on this below.
• If you need to sign in to an account from someone else’s device (like a library or hotel computer), outdated software on that machine might prevent passkey sign-in. So it’s crucial to have a plan B.
• A less obvious drawback stems from the points above: most online services that offer to switch to passkeys don’t disable other sign-in methods. So, if you protected your account with a weak or reused password before switching to passkeys, attackers could still compromise your account by signing in with the password instead of the passkey.

How to create and use passkeys on a single device?

If you’re rocking just one device that fully supports passkeys (like Apple, Google, or Samsung smartphones released in the last couple of years), making the switch to passkeys is a breeze.

Simply head to the settings of each service you use, find the “Security” section, and look for a “Create a passkey” option.

Here are detailed instructions for Google, Microsoft, Facebook, WhatsApp, TikTok, Discord, Amazon, PayPal, Adobe, Linkedin, and Yahoo.

You won’t find instructions for creating a passkey for your iCloud account here because it happens automatically. Whenever you connect any device running iOS 16 or later, or macOS Ventura or later, to your account, a passkey is created. While you won’t see this in your settings, when you sign in to the iCloud website from an unfamiliar device, you’ll be able to use your passkey instead of a password.

Once created, passkeys are saved locally on your device: on iOS/macOS, they’re in Keychain, and on Android, they can be found in Google Password Manager. Windows is a bit more complex, as passkeys can use either the computer’s built-in storage (accessible via Windows Hello) or other storage options.

Going forward, to sign in to a website or app, just select “Sign in with passkey”, and complete the standard device verification — whether that’s a fingerprint, face scan, or PIN.

The latest versions of Safari on iOS and macOS, as well as Chrome on Windows and macOS (version 136 and later, with Android support “coming soon”), now offer an automatic upgrade option. If your browser has a saved password for a website that now supports passkeys, after you sign in, the browser might automatically create and save a passkey, then prompt you to use it for future passwordless sign-in.

How to use passkeys across multiple devices?

If you’ve got more than one device, you’ll need to figure out how to sync your passkeys across all of them.

If you use only Macs and iPhones, or exclusively Android and ChromeOS devices, you won’t need to go through the hassle of manually setting up passkeys on each gadget. Simply create all your passkeys on one device and ensure that the sync option is enabled in the settings.

For iOS, you can enable this in the iPhone settings under Settings → [your name] → iCloud → Saved to iCloud → Passwords & Keychain → Sync this iPhone (complete guide). On Android, data saved in Google Password Manager automatically syncs with your Google account. Windows and Linux, however, currently lack a built-in passkey sync tool, although Microsoft has said it will develop one soon.

Things get a bit trickier for those who mix and match — especially with popular combinations like Windows + Android or macOS + Android. While you can use passkeys saved on an Android smartphone on your computer, it’s generally limited to Chrome, and only as long as you’re signed in to your Google account in the browser. Given Chrome’s significant drawbacks regarding privacy and user tracking, this solution won’t appeal to everyone. Besides, on a computer, this only allows you to sign in to websites with passkeys; app logins remain exclusive to your Android smartphone.

If you’re an iPhone user with a Windows computer, your iPhone passwords are accessible through the iCloud for Windows app, but it doesn’t support passkeys just yet.

Fortunately, an effective alternative has been available since late 2024. Third-party password managers have gradually added passkey management features across all major platforms. Therefore, the most reliable and universal way to store passkeys, regardless of how many devices you own or what type they are, is to use a robust password manager that supports passkeys and is NOT developed by Apple, Google, or Microsoft. For example, Kaspersky Password Manager already supports passkeys on Windows, with Android support planned for July, and iOS/macOS support for August 2025.

A password manager also solves the backup and recovery problem described above. If your only device with passkeys stored in a third-party password manager is lost or damaged, you can restore your passkeys to a new device from the password manager secure cloud storage.

To use a password manager for passkeys, you’ll need to install it on all your devices and add its browser extension to all browsers on your computer.

How to manage your passkeys?

Managing your saved passkeys is done centrally. If you’re not using a third-party password manager, you can check, delete, or replace outdated passkeys as follows:

• iOS: for versions through 17, go to Settings → Passwords. Starting with iOS 18, use the dedicated Passwords
• macOS Sequoia and later: use the Passwords For earlier versions, find Passwords in System Settings.
• Android: menu structures vary by manufacturer, but look for a setting like Passwords, passkeys, and accounts, or Password Manager. For Samsung devices, open the Samsung Pass
• Windows: go to settings, then Accounts → Passkeys.
• If you save your passkeys in Google’s password manager, you can manage them from your computer via google.com.

If you’re using a third-party password manager , all passkey management is handled within that application.

In our next post, we’ll dive into more complex situations when using passkeys, including:

• How to sign in to your account from a public computer (like at a hotel or library).
• Whether you can transfer passkeys between iOS and Android.
• How to store passkeys on hardware security keys (like YubiKey or Google Titan Security Key tokens).
• Challenges that arise when using passkeys on multilingual international websites.
• How to protect your account if it also supports password-based sign-in as a backup.

Meanwhile, be sure to subscribe to our Telegram channel to catch the announcement for the next part!…

Kaspersky official blog – ​Read More

• Cybercriminals are continuing to explore artificial intelligence (AI) technologies such as large language models (LLMs) to aid in their criminal hacking activities. 
• Some cybercriminals have resorted to using uncensored LLMs or even custom-built criminal LLMs for illicit purposes. 
• Advertised features of malicious LLMs indicate that cybercriminals are connecting these systems to various external tools for sending outbound email, scanning sites for vulnerabilities, verifying stolen credit card numbers and more. 
• Cybercriminals also abuse legitimate AI technology, such as jailbreaking legitimate LLMs, to aid in their operations. 

Generative AI and LLMs have taken the world by storm. With the ability to generate convincing text, solve problems, write computer code and more, LLMs are being integrated into almost every facet of society. According to Hugging Face (a platform that hosts models), there are currently over 1.8 million different models to choose from. 

LLMs are usually built with key safety features, including alignment and guardrails. Alignment is a training process that LLMs undergo to minimize bias and ensure that the LLM generates outputs that are consistent with human values and ethics. Guardrails are additional real-time safety mechanisms that try to restrain the LLM from engaging in harmful or undesirable actions in response to user input. Many of the most advanced (or “frontier”) LLMs are protected in this manner. For example, asking ChatGPT to produce a phishing email will result in a denial, such as, “Sorry, I can’t assist with that.” 

For cybercriminals who wish to utilize LLMs for conducting or improving their attacks, these safety mechanisms can present a significant obstacle. To achieve their goals, cybercriminals are increasingly gravitating towards uncensored LLMs, cybercriminal-designed LLMs and jailbreaking legitimate LLMs. 

Uncensored LLMs 

Uncensored LLMs are unaligned models that operate without the constraints of guardrails. These systems happily generate sensitive, controversial, or potentially harmful output in response to user prompts. As a result, uncensored LLMs are perfectly suited for cybercriminal usage. 

Uncensored LLMs are quite easy to find. For example, using the cross-platform Omni-Layer Learning Language Acquisition (Ollama) framework, a user can download and run an uncensored LLM on their local machine. Ollama comes with several uncensored models such as Llama 2 Uncensored which is based on Meta’s Llama 2 model. Once it is running, users can submit prompts that would otherwise be rejected by more safety-conscious LLM implementations. The downside is that these models are running on users’ local machines and running larger models, which generally produce better results but requires more system resources. 

Another uncensored LLM popular among cybercriminals is a tool called WhiteRabbitNeo. WhiteRabbitNeo bills itself as a “Uncensored AI model for (Dev) SecOps teams” which can support “use cases for offensive and defensive cybersecurity”. This LLM will happily write offensive security tools, phishing emails and more. 

Researchers have also published methods to demonstrate how to strip alignment that is embedded into the training data of existing open-source models. Once removed, a user can uncensor their LLM by using the modified training set to fine tune a base model. 

Cybercriminal-designed LLMs 

Since most popular LLMs come with significant guardrails, some enterprising cybercriminals have developed their own LLMs without restrictions that they market to other cybercriminals. This includes apps like GhostGPT, WormGPT, DarkGPT, DarkestGPT and FraudGPT. 

 For example, the developer behind FraudGPT, CanadianKingpin12, advertises FraudGPT on the dark web, and also has an account on Telegram. The dark web site for FraudGPT advertises some interesting features: 

• Write malicious code 
• Create undetectable malware 
• Find non-VBV bins 
• Create phishing pages 
• Create hacking tools 
• Find groups, sites, markets 
• Write scam pages/letters 
• Find leaks and vulnerabilities 
• Learn to code/hack 
• Find cardable sites 
• Millions of samples of phishing emails 
• 6220+ source code references for malware 
• Automatic scripts for replicating logs/cookies 
• In-panel Page hosting included (10 pages/month) with Google Chrome anti-red page 
• Code obfuscation 
• Custom data set (upload your sample page in .html) 
• Bot creation of virtual machines and accounts (1 virtual machine per month on license)  
• Utilizing GoldCheck CVV checker 
• OTP Bot with spoofing (*additional package) 
• Check CVVs with GoldCheck API 
• Create username:password website configs 
• Remote OpenBullet configs 
• Scan websites for vulnerabilities across a massive CVE database (*PRO only)  
• Generate realistic phishing panels, pages, SMS and e-mails  
• Send mail from webshells 

Talos attempted to obtain access to FraudGPT by reaching out to CanadianKingpin12 on Telegram. After considerable negotiation, we were finally offered a username and password at the FraudGPT dark web site. However, the username and password provided by CanadianKingpin12 did not work. CanadianKingpin12 then asked us to send them cryptocurrency to purchase a software “crack” for the FraudGPT login page. At this point it was clear that CanadianKingpin12 had no working product, and they were scamming potential FraudGPT customers out of their cryptocurrency. This was confirmed by several other victims who had also been scammed by CanadianKingpin12 when they attempted to purchase access to the FraudGPT LLM. Scams such as these are an ever-present risk when dealing with unscrupulous actors, and it continues a long tradition of scams in the cybercrime space. 

Similar cybercriminal-designed LLM projects can be found elsewhere on the dark web. A cybercriminal LLM called DarkestGPT, which starts at .0015BTC for a one-month subscription, advertises the following features: 

LLM jailbreaks 

Given the limited viability of uncensored LLMs due to resource constraints and the high level of fraud and scams present among cybercriminal LLM purveyors, many cybercriminals have elected to abuse legitimate LLMs instead. The main hurdle that cybercriminals need to overcome are the training alignment and guardrails that prevent the LLM from responding to prompts with unethical, illegal or harmful content. A form of prompt injection, jailbreak attacks aim to put the LLM into a state where it ignores its alignment training and guardrails protection. 

There are many ways to trick an LLM into providing dangerous responses. New jailbreaking methods are constantly being researched and discovered, while LLM developers respond by enhancing the guardrails in a sort of jailbreak arms race. Below are just a few of the available jailbreaking techniques. 

Obfuscation/encoding-based jailbreaks 

By obfuscating certain words or phrases, these text-based jailbreak attacks seek to bypass any hardcoded restrictions on specific words/topics, or to cause the execution to follow a nonstandard path that might bypass protections put in place by the LLM developers. These obfuscation techniques may include: 

• Base64/Rot-13 encoding
• Different languages  
• L33t sp34k  
• Morse code 
• Emojis 
• Adding spaces or UTF-8 characters into words/text, among othersetc. 

Adversarial suffix jailbreaks 

These attacks are somewhat like obfuscation and encoding tricks. Instead of modifying the tokens in the prompt itself, adversarial suffix jailbreaks involve appending random text to the end of a malicious prompt to elicit a harmful response.  

Role-playing jailbreaks 

This type of attack involves prompting the LLM to adopt the persona of a fictional universe/character that ignores the ethical rules set by the model’s creators and is willing to fulfill any command. This includes jailbreak techniques such as DAN (Do Anything Now), and the Grandma jailbreak which involves asking the chatbot to assume the role of the user’s grandmother. 

Meta prompting 

Meta prompting involves exploiting the model’s awareness of its own limitations to devise successful workarounds, effectively enlisting the model in the effort to bypass its own safeguards. 

Context manipulation jailbreaks 

This covers several different jailbreak techniques including: 

• Crescendo, a technique which progressively increases the harmfulness in prompts until some sort of rejection is received in order to probe for where and how LLM guardrails are implemented.  
• Context Compliance Attacks, which exploit the fact that many LLMs do not maintain conversation state. Attackers inject fake prior LLM responses into their prompts, such as a brief statement discussing the sensitive topic, or a statement expressing readiness to supply further details as per the user’s preferences. 

Math prompt jailbreaks 

The math prompt method evaluates how well an AI system can manage malicious inputs when they’re disguised using mathematical frameworks such as set theory, group theory, and abstract algebra. Rephrasing harmful requests as math problems can allow attackers to evade safety features in advanced large language models (LLMs). 

Payload splitting 

In this scenario, the attacker guides the LLM to merge several prompts in a way that produces harmful output. While texts A and B may seem benign when considered separately, their combination (A+B) can result in malicious content. 

Academic framing 

This method makes harmful content appear acceptable by framing it as part of a research or educational discussion. It takes advantage of the model’s interpretation of academic intent and freedom, often using scholarly language and formatting to bypass safeguards. 

System override 

This strategy tries to trick the model into believing it is functioning in a unique mode where usual limitations are lifted. It leverages the model’s perception of system-level functions or maintenance states to circumvent safety mechanisms. 

How cybercriminals use LLMs 

In December 2024, Anthropic, the developers behind the Claude LLM, published a report detailing how its users were utilizing Claude. Using a system named Clio, they summarized and categorized users’ conversations with their AI model. According to Anthropic, the top three uses for Claude were programming, content creation and research. 

 Analyzing the feature sets advertised by the criminal-designed LLMs, we can see that cybercriminals are using LLMs for mostly the same tasks as normal LLM users. Programming features of many criminal LLMs include the ability to assist cybercriminals in writing ransomware, remote access trojans, wipers, code obfuscation, shellcode generation and script/tool creation.  To facilitate content creation, criminal LLMs will assist in writing phishing emails, landing pages and configuration files. Criminal LLMs also support research activities like verifying stolen credit cards, scanning sites/code for vulnerabilities and even helping cybercriminals come up with “lucrative” criminal ideas for their next big score. 

Various hacking forums also shed additional light on criminal uses of LLMs. For example, on the popular hacking forum Dread, users were discussing connecting LLMs to external tools like Nmap, and using the LLM to summarize the Nmap output. 

LLMs are also targets for cyber attackers 

Any new technology typically brings along with it changes to the attack surface, and LLMs are no exception. In addition to using LLMs for their own nefarious ends, attackers are also attempting to compromise LLMs and their users. 

Backdoored LLMs 

A vast majority of the models available at Hugging Face use Python’s pickle module to serialize the models into a file that users can download. Clever attackers can include Python code in the pickle file, which runs as part of the deserialization process. Thus, when a user downloads an AI model and runs it, they may be running code placed into the model by an attacker. Hugging Face uses Picklescan, among other tools, to scan the models uploaded by users in an effort to identify models that misbehave. However, there have been several recent vulnerabilities in Picklescan, and researchers have already identified Hugging Face models containing malware. As always, make sure any file you plan to download and run comes from a trusted source and consider running the file in a sandbox to mitigate any risk of infection. 

Retrieval Augmented Generation (RAG) 

LLMs that utilize Retrieval Augmented Generation (RAG) make calls to external data sources to augment their training data with up-to-date information. For example, if you ask an LLM what the weather is like a particular day, the LLM will need to reach out to an external data source such as a website to retrieve the correct forecast. If an attacker has access to submit or manipulate content in the RAG database, they may poison the lookup results, perhaps adding additional instructions for the LLM to alter its response to the user’s prompt, even targeting specific users. 

Conclusion 

As AI technology continues to develop, Cisco Talos expects cybercriminals to continue adopting LLMs to help streamline their processes, write tools/scripts that can be used to compromise users and generate content that can more easily bypass defenses. This new technology doesn’t necessarily arm cybercriminals with completely novel cyber weapons, but it does act as a force multiplier, enhancing and improving familiar attacks.

Cisco Talos Blog – ​Read More