We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of cybersecurity researchers, writers, and editors continues to help readers maintain their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and detailed examination by the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of cybersecurity researchers, writers, and editors continues to help readers maintain their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and detailed examination by the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Cybercrime Tool SpamGPT Used for Massive Phishing Attacks

Cybercrime Tool SpamGPT Used for Massive Phishing Attacks
Author Image Andrea Miliani
Andrea Miliani Published on September 11, 2025 Cybersecurity Researcher

Cybercriminals are using a new, sophisticated tool called SpamGPT to launch large-scale email phishing campaigns. The AI-powered software has been promoted in the dark web as a “spam-as-a-service” platform that automates most of the tasks involved in an email phishing attack.

According to Cybersecurity News, malicious actors have developed the cybercrime toolkit by leveraging AI systems and professional email marketing strategies for fraudulent email operations, and are selling it for $5,000.

The interface closely resembles legitimate email marketing services and includes multiple features, such as SMTP/IMAP email server, email testing, and real-time campaign performance monitoring.

SpamGPT integrates an AI marketing assistant named KaliGPT into its dashboard, which helps cybercriminals create and automate campaigns. The AI assistant suggests and crafts persuasive content, including subject lines, and recommends a target audience.

The program is promoted as an efficient tool for reaching inboxes from popular providers such as Gmail, Microsoft 365, and Outlook, by masking its malicious content and evading detection.

According to a recent report published by the cybersecurity firm Varonis, experts warned about SpamGPT’s capacities and its potential to facilitate cyberattacks for criminals with little technical knowledge.

“SpamGPT lowers the technical barrier for running effective spam and phishing campaigns,” states the document. “What used to require a team of skilled developers can now be accomplished by a single bad actor with a $5,000 toolkit.”

The cybersecurity expert recommends that companies strengthen their email defenses and include AI-powered security solutions, as the abuse of generative AI for cyberattacks is growing. “Staying ahead of this curve will require defenders to likewise leverage AI, monitoring, and collaboration across the security community,” added the researcher.

A few months ago, it was reported that cybercriminals were using another phishing toolkit to exploit Progressive Web Apps (PWAs) developed by security researcher mr.d0x. The expert also warned about the urgent need to enhance security layers against phishing campaigns.

About the Author

Andrea is a seasoned tech journalist with a growing passion for cybersecurity, covering cyberattacks, AI breakthroughs, and the latest trends shaping the future of technology.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Special characters are not allowed in the Name field

Please enter a valid email address