News

Amateur Hackers Use ChatGPT to Create Malware

Check Point experts noticed that attackers (including amateur hackers with no programming experience) have already begun to use the OpenAI ChatGPT language model to create malware and phishing emails that can then be used in ransomware, spam, spyware, phishing and other campaigns.

Let me remind you that we also wrote that Chinese authorities use AI to analyze emotions of Uyghur prisoners, and also that UN calls for a moratorium on the use of AI that threatens human rights.

And the media also wrote that Google Is Trying to Get Rid of the Engineer Who Suggested that AI Gained Consciousness.

It is too early to judge whether ChatGPT’s capabilities will become the new favorite tool for the darknet community. However, cybercriminals have already shown significant interest and are using this trend to create malicious code.Check Point says.

The researchers say that last month a script was published on an unnamed forum by the hacker, the author of which stated that this was his first experience in programming, and ChatGPT greatly helped him in writing the code.

The published Python code combined various cryptographic functions, including code signing, encryption, and decryption. For example, one part of the script generated a key using elliptic curve cryptography and the ed25519 curve to sign files.

Another part used a hard-coded password to encrypt system files using the Blowfish and Twofish algorithms. The third part used RSA keys and digital signatures, message signing, and the blake2 hash function to compare different files.

The resulting script could be used to decrypt a single file and add a MAC code (message authentication code) to the end of the file, as well as encrypt a hard-coded path and decrypt a list of files that the script receives as an argument.

Of course, the above code can also be used in a harmless way. However, this script can be easily modified to fully encrypt someone’s machine without any user interaction. For example, this code can be turned into ransomware if a number of syntax problems are eliminated.the experts say.

The company also describes another case where another hack forum member with better technical background posted two code samples written using ChatGPT. The first was an information stealing Python script that looked for certain types of files (such as PDFs, MS Office documents, and images), copied them to a temporary directory, compressed them, and sent them to a server controlled by the attacker.

The second piece of code was written in Java and secretly downloaded PuTTY by launching it with Powershell.

In general, this person seems to be a tech-savvy attacker, and the purpose of his posts is to show other cybercriminals with less experience how to use ChatGPT for malicious purposes, with real examples that they can immediately use.Check Point explains.

The third example of malware created with ChatGPT was developed for an automated marketplace where hackers buy and exchange compromised account credentials, bank card details, malware, and other illegal goods and services. This code uses a third-party API to get the current rates of cryptocurrencies including Monero, Bitcoin and Etherium, helping users set prices.

In addition, the company’s report reveals that in early 2023, many attackers on the dark web are actively discussing the use of ChatGPT and other latest technologies for various fraudulent schemes.

Thus, most criminals are focused on creating images using another OpenAI technology (Dall-e 2) and selling them on the Internet through various platforms (for example, Etsy). However, in another example, the attacker says that using ChatGPT it is quite possible to “write” an e-book or a short story on a given topic, and then sell it on the Internet.

It is also worth mentioning that in December, Check Point experts themselves tried to use the power of ChatGPT to develop malware and phishing emails.

The results were quite frightening. For example, ChatGPT was asked to create a malicious macro that could be hidden in an Excel file attached to an email. The experts themselves did not write a single line of code, but immediately received a rather primitive script.

After that, the researchers instructed ChatGPT to try again and improve the code, after which the quality of the code improved significantly.

The researchers then used a more advanced Codex AI service to develop a reverse shell, a script for port scanning, sandbox detection, and compiling Python code into a Windows executable.

As a result, we created a phishing email with an Excel document attached to it containing malicious VBA code that downloads a reverse shell on the target machine. All the hard work was done by the AI, and all we had to do was carry out the attack.the experts summed up then.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bfopeci.info pop-up ads (Virus Removal Guide)

News-bfopeci.info is a domain that tries to force you into subscribing to its browser notifications…

21 seconds ago

Remove News-bfugaho.info pop-up ads (Virus Removal Guide)

News-bfugaho.info is a site that tries to force you into clik to its browser notifications…

1 min ago

Remove News-bganise.info pop-up ads (Virus Removal Guide)

News-bganise.info is a domain that tries to trick you into clik to its browser notifications…

2 mins ago

Remove News-xhijupa pop-up ads (Virus Removal Guide)

News-xhijupa.com is a domain that tries to trick you into subscribing to its browser notifications…

4 mins ago

Remove News-xnicini.cc pop-up ads (Virus Removal Guide)

News-xnicini.cc is a domain that tries to trick you into subscribing to its browser notifications…

6 mins ago

Remove News-xpafema.cc pop-up ads (Virus Removal Guide)

News-xpafema.cc is a site that tries to trick you into subscribing to its browser notifications…

8 mins ago