An in-depth investigation of a new AI chatbot called Abrax666 advertised on cybercrime forums reveals multiple red flags suggesting it’s likely a scam. With a negative review after communication, no seller deposit, exaggerated capabilities claimed, and zero evidence of satisfied customers, we judge that Abrax666 has no credibility as a real product.

SlashNext monitors cybercrime platforms and forums on a daily basis in order to better understand cybercriminal activity and provide assistance to the broader cybersecurity community.

Last week , a thread promoting a new AI chatbot variant named Abrax666 surfaced on a major Russian cybercrime forum. It was posted by a user named ‘Abrax’. At first glance, the original post lacked technical details about Abrax666’s purported capabilities.

Image: A screenshot of Abrax666 being advertised on a Russian cybercrime forum.

We explored other platforms to learn more about where Abrax666 was advertised for sale. Our research uncovered a public GitHub repository detailing Abrax666’s claimed features, including call spoofing, malware creation, and phishing.

Image: A screenshot of the public Abrax666 GitHub repository.

However, upon returning to the original forum, we discovered a different thread aimed at selling Abrax666. Further investigation revealed that this was an older attempt by ‘Abrax’ to promote Abrax666 on this particular forum. It should be noted that this thread was closed because ‘Abrax’ did not make the required security deposit to sell products there.

Image: A screenshot of ‘Abrax’s’ thread being closed.

 

In this thread, a user named ‘SocketSilence’ attempted to test Abrax666 and left a detailed review expressing their scepticism about ‘Abrax’s’ claims. This was based on various inconsistencies they noticed while communicating with ‘Abrax’.

Image: A review left by ‘SocketSilence’ detailing their negative experience with ‘Abrax’.

Additionally, throughout our wider investigation across platforms, we could not find any evidence of satisfied Abrax666 customers. We conclude that Abrax666 is likely a scam for several reasons:

• The lack of a required security deposit on the forum is suspicious and abnormal for a legitimate seller, implying ‘Abrax’ could not or did not want to complete this standard verification.
• The technical claims of what Abrax666 can allegedly do is wide-ranging, almost too wide-ranging to make it an effective piece of malware. In the advertisement, it claims to have almost 100 unique features which is a bold claim .
• There is a complete absence of evidence that Abrax666 has ever been sold or used successfully. This strongly implies it is non-functional or fake.
• ‘Abrax’ has attempted to sell Abrax666 on other cybercrime forums but all of the threads have been removed from existence (possibly because of forum policy violations).

Image: A screenshot of ‘Abrax’s’ deleted forum thread.

The only potentially credible evidence that has caused us to slightly defer our verdict here, are videos being circulated by ‘Abrax’ that allegedly show the AI chatbot in use. However, even these videos do not appear to showcase the standard output one would expect from an AI chatbot of this nature. The output appears to look more like a standard tool that is not capable of real-time communication and does not accept prompts but arguments and flags instead.

While we cannot fully disprove Abrax666 without hands-on analysis, our investigation found no credible evidence that this advertised AI chatbot actually exists. We will continue monitoring for any new evidence, but currently judge Abrax666 as a likely scam attempt. Caution should be exercised before assuming new AI variants promoted in cybercrime circles are sincere threats.

Note: During the creation of this article, the GitHub repository was removed for an unknown reason. Additionally, everything written here refers to what we discovered prior to October 31st, 2023 . To some extent, we reserve our judgement because evidence could emerge in the future that contradicts much of what we have written here—we will update this article if new material becomes available.

One Step Ahead

SlashNext Complete provides real-time threat detection with unmatched accuracy to identify malicious email, mobile, and website threats. To request a demo, click here. Alternatively, you can watch a video of it in action by clicking here.

About the Author

Daniel Kelley is a reformed black hat computer hacker who collaborated with our team at SlashNext to research the latest threats and tactics employed by cybercriminals, particularly those involving BEC, phishing, smishing, social engineering, ransomware, and other attacks that exploit the human element.