🤖 AI Summary
Researchers at Varonis have exposed "SpamGPT," a professional-grade spam-as-a-service platform that packages AI-powered phishing into a marketer-style dashboard so nontechnical attackers can run large-scale campaigns. The tool integrates language models to craft personalized phishing copy and subject lines, offers CRM-like campaign scheduling and analytics, and includes modules for SMTP/IMAP setup, bulk import and validation of SMTP credentials, server rotation to evade throttling, and real-time inbox monitoring (replies, bounces, inbox vs. spam placement). Varonis warns that features such as automated deliverability testing, custom header spoofing, and even tutorials on acquiring or compromising mail servers drastically lower the skill barrier for attackers: “a CRM for cybercriminals,” in the words of Varonis’ Rob Sobers.
Technically, SpamGPT’s combination of LLM-driven content, infrastructure automation (credential validation, SMTP rotation), and IMAP-based feedback loops lets operators optimize campaigns iteratively the way legitimate marketers do, increasing conversion rates and enabling malware delivery or credential harvesting at scale while evading basic filters. The takeaway for defenders: expect more frequent, higher-quality phishing and ransomware lures. Recommended mitigations include enforcing SPF/DKIM/DMARC, deploying AI-aware phishing detectors, MFA, regular backups and patching, segmentation and least-privilege, continuous user training, and tested incident-response plans to limit damage and speed recovery.