Redazione RHC : 11 September 2025 19:10
A new tool called SpamGPT has appeared on underground forums and has quickly become a hot topic in the cybersecurity community. The malicious software combines the capabilities of generative artificial intelligence with a complete system for sending mass emails and presents itself as a ready-to-use solution for conducting phishing campaigns.
Its developers openly call the product “spam-as-a-service,” emphasizing that it combines all the functions of a professional marketing platform, but is used for illegal activities.
The SpamGPT interface faithfully replicates legal email marketing services: modules are available for campaign management, SMTP and IMAP settings, delivery controls, and analytics. The dark control panel comes with a built-in KaliGPT assistant that generates email text, selects topics, and even provides recommendations on how to increase victim engagement. Automatic message delivery control is implemented via real-time mailbox monitoring, which allows operators to instantly verify whether a message has arrived in the inbox or been filtered.
Vuoi diventare un esperto del Dark Web e della Cyber Threat Intelligence (CTI)?Stiamo per avviare il corso intermedio in modalità "Live Class" del corso "Dark Web & Cyber Threat Intelligence". A differenza dei corsi in e-learning, disponibili online sulla nostra piattaforma con lezioni pre-registrate, i corsi in Live Class offrono un’esperienza formativa interattiva e coinvolgente. Condotti dal professor Pietro Melillo, le lezioni si svolgono online in tempo reale, permettendo ai partecipanti di interagire direttamente con il docente e approfondire i contenuti in modo personalizzato. Questi corsi, ideali per aziende, consentono di sviluppare competenze mirate, affrontare casi pratici e personalizzare il percorso formativo in base alle esigenze specifiche del team, garantendo un apprendimento efficace e immediatamente applicabile. Contattaci tramite WhatsApp al 375 593 1011 per richiedere ulteriori informazioni oppure scriviti alla casella di posta [email protected] 
Se ti piacciono le novità e gli articoli riportati su di Red Hot Cyber, iscriviti immediatamente alla newsletter settimanale per non perdere nessun articolo. La newsletter generalmente viene inviata ai nostri lettori ad inizio settimana, indicativamente di lunedì. |
The creators claim that the platform is optimized to bypass Gmail, Outlook, Yahoo, and Microsoft 365 filters and also uses cloud services like AWS and SendGrid to disguise malicious traffic as legitimate. The focus is not only on scalability, but also on guaranteed delivery: the tool doesn’t just send emails, it ensures they arrive in recipients’ home folders.
The kit includes a “SMTP Hacking Mastery Course” that explains how to obtain and generate servers for deployment. Users are shown how to take control of poorly secured or misconfigured email hosts, as well as how to create an unlimited number of SMTP accounts. The control panel supports bulk server import, server functionality testing, and load balancing across dozens of sources, making attacks sustainable and large-scale.
An important part of the kit is tools for replacing senders and creating custom headers. This allows attackers to imitate trusted domains and brands, bypassing basic protection mechanisms. The campaigns themselves are created through a CRM-like system: attackers can set up templates, schedule sending, switch servers, and track detailed statistics on opens and clicks.
Essentially, SpamGPT has transformed a complex process into a construction kit that even less experienced cybercriminals can implement. Everything that previously required a team of programmers is now done through an intuitive interface by a single operator who pays around $5,000. This dramatically lowers the barrier to entry and makes mass phishing attacks even more accessible.
Experts warn that to counter such solutions, companies must strengthen the protection of email domains. It is necessary to configure DMARC, SPF, and DKIM, as well as implement modern anti-phishing systems based on machine learning, capable of identifying generative text signals and atypical mailing patterns.
Only a combination of technologies, information exchange, and collective monitoring will allow us to anticipate attackers who use artificial intelligence to automate attacks.
Redazione