Amateur Hackers Use ChatGPT to Create Malware

Check Point experts noticed that attackers (including amateur hackers with no programming experience) have already begun to use the OpenAI ChatGPT language model to create malware and phishing emails that can then be used in ransomware, spam, spyware, phishing and other campaigns.

And the media also wrote that Google Is Trying to Get Rid of the Engineer Who Suggested that AI Gained Consciousness.

The researchers say that last month a script was published on an unnamed forum by the hacker, the author of which stated that this was his first experience in programming, and ChatGPT greatly helped him in writing the code.

The published Python code combined various cryptographic functions, including code signing, encryption, and decryption. For example, one part of the script generated a key using elliptic curve cryptography and the ed25519 curve to sign files.

Another part used a hard-coded password to encrypt system files using the Blowfish and Twofish algorithms. The third part used RSA keys and digital signatures, message signing, and the blake2 hash function to compare different files.

The resulting script could be used to decrypt a single file and add a MAC code (message authentication code) to the end of the file, as well as encrypt a hard-coded path and decrypt a list of files that the script receives as an argument.

The company also describes another case where another hack forum member with better technical background posted two code samples written using ChatGPT. The first was an information stealing Python script that looked for certain types of files (such as PDFs, MS Office documents, and images), copied them to a temporary directory, compressed them, and sent them to a server controlled by the attacker.

The second piece of code was written in Java and secretly downloaded PuTTY by launching it with Powershell.

The third example of malware created with ChatGPT was developed for an automated marketplace where hackers buy and exchange compromised account credentials, bank card details, malware, and other illegal goods and services. This code uses a third-party API to get the current rates of cryptocurrencies including Monero, Bitcoin and Etherium, helping users set prices.

In addition, the company’s report reveals that in early 2023, many attackers on the dark web are actively discussing the use of ChatGPT and other latest technologies for various fraudulent schemes.

Thus, most criminals are focused on creating images using another OpenAI technology (Dall-e 2) and selling them on the Internet through various platforms (for example, Etsy). However, in another example, the attacker says that using ChatGPT it is quite possible to “write” an e-book or a short story on a given topic, and then sell it on the Internet.

It is also worth mentioning that in December, Check Point experts themselves tried to use the power of ChatGPT to develop malware and phishing emails.

The results were quite frightening. For example, ChatGPT was asked to create a malicious macro that could be hidden in an Excel file attached to an email. The experts themselves did not write a single line of code, but immediately received a rather primitive script.

After that, the researchers instructed ChatGPT to try again and improve the code, after which the quality of the code improved significantly.

The researchers then used a more advanced Codex AI service to develop a reverse shell, a script for port scanning, sandbox detection, and compiling Python code into a Windows executable.