ChatGPT is also getting used to write fairly complex malicious code

A

Alfonso Maruccia

Posts: 1,020   +301
Staff
A hot potato: Despite being just a beta release, ChatGPT is already showing impressive capabilities to the entire spectrum of internet communities, including underground forums, where seasoned cyber-criminals have demonstrated how the AI can make creating functional malware much easier.

While New York City schools have decided to ban ChatGPT from their network and devices, the internet criminal underground is looking into adopting the new technology to create malware faster. The machine learning-based chatbot was designed to interact in a conversational way, answer follow-up questions and admit its mistakes, and it seems OpenAI researchers made such a good job that the service can even write code that works with just a few adjustments here and there.

Security enterprise Check Point recently scoped cyber-crime forums in search of ChatGPT-assisted pieces of malicious code. They found what they were searching for, as ChatGPT is seemingly being used both as an "educational" tool and as a pure malware-creation platform.

Thanks to OpenAI's chatbot, users of the underground hacking forum analyzed by Check Point were able to create a Python-based stealer that searches for common file types, copies them to the Temp folder, ZIPs them and uploads them to a hardcoded FTP server. Lather analyses confirmed that the malicious code could work.

A second sample, created by the same user, was a Java-based code snippet capable of downloading an SSH/Telnet client (PuTTY) and then running it covertly on the system using Powershell – a function that could be modified to download and run any program. Other, less capable "threat actors" used ChatGPT to create an encryption tool so that they could easily generate cryptographic keys, encrypt files, compare hashes and more.

ChatGPT can even be (ab)used to "facilitate fraud activity," Check Point warned, as the service was also able to create marketplace scripts for the Dark Web, using third-party APIs to "get up-to-date cryptocurrency (Monero, Bitcoin and Etherium) prices as part of the Dark Web market payment system."

Check Point previously tried their hand at automating an entire infection flow complete with a phishing email and malicious Excel VBA code. Furthermore, the researchers also used Codex – another code-creating, AI-based system – to create other types of complex pieces of (potentially) malicious code.

Regarding ChatGPT, the researchers say that it's still too early to decide whether or not the chatbot "will become the new favorite tool for participants in the Dark Web." However, the underground community has already shown a significant interest in "jumping into this latest trend to generate malicious code." ChatGPT should include some safeguards to avoid abuse, but malware authors and script kiddies have shown they can easily bypass those safeguards.

Permalink to story.

https://www.techspot.com/news/97202-chatgpt-used-create-fairly-complex-malicious-code.html

 
Bad press for such an amazing tool! Techspot should consider removing this article. Not only does it promote a way for the average person to create malware but it tarnishes a productivity tool that once used most developers won't want to go without. I did 10 hours of programming in about 30 minutes the other day.... Say what you will this tool is absolutely amazing!
 
  • Like
Reactions: PEnnn
CommonSense said:
Bad press for such an amazing tool! Techspot should consider removing this article. Not only does it promote a way for the average person to create malware but it tarnishes a productivity tool that once used most developers won't want to go without. I did 10 hours of programming in about 30 minutes the other day.... Say what you will this tool is absolutely amazing!
Click to expand...

The equivalent of your time saving example is 19 programmers becoming obsolete for every 1 employed due to these AI tools. I hope that doesn't become reality, I have a lot of buddies who are in programming.
 
Technology is advancing, people are not. This is the dilemma I see in our future. Really dumb people basically being controlled by really advanced AI. We will be entertained by it, we will depend on it, we won't be able to shop for groceries or balance a budget without it. AI will become our new "personal assistant" but it will be intrusive and run our lives and we will let it. Without it, we will no longer know how to live. All the free time that we gain for it will be in pursuit of trivialities. It will happen quickly too, the first iPhone was released in 2007, in 2023 there are more smartphones in the world than there are people. It is estimated that 6.8 B (of 8B) people currently use smartphones. That's in 15 years! Give AI 15 years, where will we be? Give it 5.
 
CommonSense said:
Bad press for such an amazing tool! Techspot should consider removing this article. Not only does it promote a way for the average person to create malware but it tarnishes a productivity tool that once used most developers won't want to go without. I did 10 hours of programming in about 30 minutes the other day.... Say what you will this tool is absolutely amazing!
Click to expand...
No one disputed it can be used for great stuff. Reading comprehension, dude.
 
CommonSense said:
Bad press for such an amazing tool! Techspot should consider removing this article. Not only does it promote a way for the average person to create malware but it tarnishes a productivity tool that once used most developers won't want to go without. I did 10 hours of programming in about 30 minutes the other day.... Say what you will this tool is absolutely amazing!
Click to expand...
Bad press ?.. So what, censoring an information that is obviously true just because you find this tool useful ?.. which will ultimately put you out of your job, btw. SMH
 
Dunkerton said:
The equivalent of your time saving example is 19 programmers becoming obsolete for every 1 employed due to these AI tools. I hope that doesn't become reality, I have a lot of buddies who are in programming.
Click to expand...
I can't see companies removing 95% of their workforce, however 25-50% wouldn't be out of the question.
 
IksPiks said:
Bad press ?.. So what, censoring an information that is obviously true just because you find this tool useful ?.. which will ultimately put you out of your job, btw. SMH
Click to expand...
Well listen, releasing information that can be used by bad actors in a way they may not of thought of doing is never a good thing. It's like saying we can use 3d printers to create 3d printed guns. The tool is fantastic but when you give people shitty ideas there is consequences to these kind of articles. Unfortunately a certain amount of people after reading the article may decide they want to try developing some maleware, just because they can. This was my point, if you don't agree than we can agree to disagree.
 
CommonSense said:
Well listen, releasing information that can be used by bad actors in a way they may not of thought of doing is never a good thing. It's like saying we can use 3d printers to create 3d printed guns. The tool is fantastic but when you give people shitty ideas there is consequences to these kind of articles. Unfortunately a certain amount of people after reading the article may decide they want to try developing some maleware, just because they can. This was my point, if you don't agree than we can agree to disagree.
Click to expand...
ComonSense ? 😆. You're obviously not realizing that the standard argument of all those who like censoring is : "Oh ! This is for your own good !". You're one of those... Then the FBI contacts you about the Hunter Biden shitshow and you oblige without even thinking twice... Go work for YouTube, enforcing "community guidelines" - you're a perfect match, buddy !
And btw, those with malware on their minds will use AI whether you advertise it or not. For all the others, it's just interesting information (that you would rather see suppressed)... People are not children. They don't need you to protect them.
 
When people only read what they wanna hear ... Its not about censoring free speech, or political figures / ideas. That should NEVER happen. Let me re-explain since clearly you need it. The media has a responsibility, the same thing they have when a school shooter kills a bunch of people to NOT publish his name so as to not entice other school shooters to clout chase or do it for fame. This isn't "for your own good" it has nothing to do with that, its simply to increase PUBLIC SAFETY, and no I'm not talking lie to me about a vaccine to increase public saftey .... that is also different. The point here is articles like this can/probably will increase the maleware on the internet and do so proficiently as well. For this reason alone I personally think the article does more damage than good. I'm not exactly sure what "good" if any its doing other than informing us for the 1100th time on another chatgpt function except one that can be used for bad purposes and doesn't help anyone except the criminal trying to steal your money.
IksPiks said:
ComonSense ? 😆. You're obviously not realizing that the standard argument of all those who like censoring is : "Oh ! This is for your own good !". You're one of those... Then the FBI contacts you about the Hunter Biden shitshow and you oblige without even thinking twice... Go work for YouTube, enforcing "community guidelines" - you're a perfect match, buddy !
And btw, those with malware on their minds will use AI whether you advertise it or not. For all the others, it's just interesting information (that you would rather see suppressed)... People are not children. They don't need you to protect them.
Click to expand...
 
CommonSense said:
Bad press for such an amazing tool! Techspot should consider removing this article. Not only does it promote a way for the average person to create malware but it tarnishes a productivity tool that once used most developers won't want to go without. I did 10 hours of programming in about 30 minutes the other day.... Say what you will this tool is absolutely amazing!
Click to expand...
If the article present an extreme negative perspective, your is on the opposite spectrum - an extreme positive(gullible) one. ChatGPT is a tool, and like any other tool it takes its value by how people are using it, especially those in power, and any intelligent people knows that power, by implication, is usually abused, and also almost anybody make stupid things.
 
CommonSense said:
When people only read what they wanna hear ... Its not about censoring free speech, or political figures / ideas. That should NEVER happen. Let me re-explain since clearly you need it. The media has a responsibility, the same thing they have when a school shooter kills a bunch of people to NOT publish his name so as to not entice other school shooters to clout chase or do it for fame. This isn't "for your own good" it has nothing to do with that, its simply to increase PUBLIC SAFETY, and no I'm not talking lie to me about a vaccine to increase public saftey .... that is also different. The point here is articles like this can/probably will increase the maleware on the internet and do so proficiently as well. For this reason alone I personally think the article does more damage than good. I'm not exactly sure what "good" if any its doing other than informing us for the 1100th time on another chatgpt function except one that can be used for bad purposes and doesn't help anyone except the criminal trying to steal your money.
Click to expand...
Ok... Rrrrrrebottle !.. Those you call "the criminal" are experts of sorts and by the time the media reports about things like these, it's already too late - so the only ones being informed are the general public. So you see, your "public safety" censorship is just that - censorship.
Funny thing is, for all of you censor-philes, every time information was being censored before is "completely different" from what you're willing to suppress.
 
IksPiks said:
Ok... Rrrrrrebottle !.. Those you call "the criminal" are experts of sorts and by the time the media reports about things like these, it's already too late - so the only ones being informed are the general public. So you see, your "public safety" censorship is just that - censorship.
Funny thing is, for all of you censor-philes, every time information was being censored before is "completely different" from what you're willing to suppress.
Click to expand...
They're an expert in creating maleware, not the latest installment of AI chat bot tech and its capabilities. As someone who has a degree in computer science I can tell you as a member of the community that creates this stuff this to be in general true. These articles give bad people bad ideas. Don't get too caught up in the censoring of everything else ... I would agree most censorship is bad. But are you telling me there should be no censorship at all?? When there is a school shooter should they release his name? If there are blueprints to a bomb available should they publicize them?
 
CommonSense said:
They're an expert in creating maleware, not the latest installment of AI chat bot tech and its capabilities. As someone who has a degree in computer science I can tell you as a member of the community that creates this stuff this to be in general true. These articles give bad people bad ideas. Don't get too caught up in the censoring of everything else ... I would agree most censorship is bad. But are you telling me there should be no censorship at all?? When there is a school shooter should they release his name? If there are blueprints to a bomb available should they publicize them?
Click to expand...
I'm a "software engineer" too... have been forever. Since the Amiga times, demo coding, etc... When it comes to malicious code, you wouldn't believe what those guys know and how early they catch on. They often exploit holes in systems for years before anyone else finds out about them... So are they aware that ChatGPT could be used for malicious intent ?.. Give me a break. Now should the NY-Times explain exactly, in detail, how to use ChatGPT to create a ransomware, with code and all ? Of course not. Same goes for bomb blueprints... As far as shooters names, it's irrelevant nowadays - nobody cares anymore as you only need to google the shooting and you'll get the name.
We live in crazy times where we have lots of everything but very little, well... common-sense ! 😆 So, if given a choice, I prefer no censorship at all than some done by some woke/hysterical degenerate.
 
You must log in or register to reply here.

Similar threads

midian182
Judge cuts law firm's legal bill in half after it used ChatGPT to calculate "excessive"...
Replies
10
Views
214
ZedRM
ZedRM
midian182
ChatGPT tops Wikipedia's most viewed articles of 2023 list
Replies
0
Views
202
midian182
midian182
midian182
You can build and monetize your own ChatGPT with OpenAI's new platform
Replies
3
Views
365
Knot Schure
Knot Schure

Latest posts

Back