ChatGPT is also getting used to write fairly complex malicious code

Alfonso Maruccia

Posts: 177   +91
Staff
A hot potato: Despite being just a beta release, ChatGPT is already showing impressive capabilities to the entire spectrum of internet communities, including underground forums, where seasoned cyber-criminals have demonstrated how the AI can make creating functional malware much easier.

While New York City schools have decided to ban ChatGPT from their network and devices, the internet criminal underground is looking into adopting the new technology to create malware faster. The machine learning-based chatbot was designed to interact in a conversational way, answer follow-up questions and admit its mistakes, and it seems OpenAI researchers made such a good job that the service can even write code that works with just a few adjustments here and there.

Security enterprise Check Point recently scoped cyber-crime forums in search of ChatGPT-assisted pieces of malicious code. They found what they were searching for, as ChatGPT is seemingly being used both as an "educational" tool and as a pure malware-creation platform.

Thanks to OpenAI's chatbot, users of the underground hacking forum analyzed by Check Point were able to create a Python-based stealer that searches for common file types, copies them to the Temp folder, ZIPs them and uploads them to a hardcoded FTP server. Lather analyses confirmed that the malicious code could work.

A second sample, created by the same user, was a Java-based code snippet capable of downloading an SSH/Telnet client (PuTTY) and then running it covertly on the system using Powershell – a function that could be modified to download and run any program. Other, less capable "threat actors" used ChatGPT to create an encryption tool so that they could easily generate cryptographic keys, encrypt files, compare hashes and more.

ChatGPT can even be (ab)used to "facilitate fraud activity," Check Point warned, as the service was also able to create marketplace scripts for the Dark Web, using third-party APIs to "get up-to-date cryptocurrency (Monero, Bitcoin and Etherium) prices as part of the Dark Web market payment system."

Check Point previously tried their hand at automating an entire infection flow complete with a phishing email and malicious Excel VBA code. Furthermore, the researchers also used Codex – another code-creating, AI-based system – to create other types of complex pieces of (potentially) malicious code.

Regarding ChatGPT, the researchers say that it's still too early to decide whether or not the chatbot "will become the new favorite tool for participants in the Dark Web." However, the underground community has already shown a significant interest in "jumping into this latest trend to generate malicious code." ChatGPT should include some safeguards to avoid abuse, but malware authors and script kiddies have shown they can easily bypass those safeguards.

Permalink to story.

 

CommonSense

Posts: 17   +7
Bad press for such an amazing tool! Techspot should consider removing this article. Not only does it promote a way for the average person to create malware but it tarnishes a productivity tool that once used most developers won't want to go without. I did 10 hours of programming in about 30 minutes the other day.... Say what you will this tool is absolutely amazing!
 

Dunkerton

Posts: 78   +166
Bad press for such an amazing tool! Techspot should consider removing this article. Not only does it promote a way for the average person to create malware but it tarnishes a productivity tool that once used most developers won't want to go without. I did 10 hours of programming in about 30 minutes the other day.... Say what you will this tool is absolutely amazing!

The equivalent of your time saving example is 19 programmers becoming obsolete for every 1 employed due to these AI tools. I hope that doesn't become reality, I have a lot of buddies who are in programming.
 

EdmondRC

Posts: 441   +650
Technology is advancing, people are not. This is the dilemma I see in our future. Really dumb people basically being controlled by really advanced AI. We will be entertained by it, we will depend on it, we won't be able to shop for groceries or balance a budget without it. AI will become our new "personal assistant" but it will be intrusive and run our lives and we will let it. Without it, we will no longer know how to live. All the free time that we gain for it will be in pursuit of trivialities. It will happen quickly too, the first iPhone was released in 2007, in 2023 there are more smartphones in the world than there are people. It is estimated that 6.8 B (of 8B) people currently use smartphones. That's in 15 years! Give AI 15 years, where will we be? Give it 5.
 

bviktor

Posts: 1,146   +1,681
Bad press for such an amazing tool! Techspot should consider removing this article. Not only does it promote a way for the average person to create malware but it tarnishes a productivity tool that once used most developers won't want to go without. I did 10 hours of programming in about 30 minutes the other day.... Say what you will this tool is absolutely amazing!
No one disputed it can be used for great stuff. Reading comprehension, dude.
 

IksPiks

Posts: 22   +16
Bad press for such an amazing tool! Techspot should consider removing this article. Not only does it promote a way for the average person to create malware but it tarnishes a productivity tool that once used most developers won't want to go without. I did 10 hours of programming in about 30 minutes the other day.... Say what you will this tool is absolutely amazing!
Bad press ?.. So what, censoring an information that is obviously true just because you find this tool useful ?.. which will ultimately put you out of your job, btw. SMH
 

CommonSense

Posts: 17   +7
The equivalent of your time saving example is 19 programmers becoming obsolete for every 1 employed due to these AI tools. I hope that doesn't become reality, I have a lot of buddies who are in programming.
I can't see companies removing 95% of their workforce, however 25-50% wouldn't be out of the question.
 

CommonSense

Posts: 17   +7
Bad press ?.. So what, censoring an information that is obviously true just because you find this tool useful ?.. which will ultimately put you out of your job, btw. SMH
Well listen, releasing information that can be used by bad actors in a way they may not of thought of doing is never a good thing. It's like saying we can use 3d printers to create 3d printed guns. The tool is fantastic but when you give people shitty ideas there is consequences to these kind of articles. Unfortunately a certain amount of people after reading the article may decide they want to try developing some maleware, just because they can. This was my point, if you don't agree than we can agree to disagree.
 

IksPiks

Posts: 22   +16
Well listen, releasing information that can be used by bad actors in a way they may not of thought of doing is never a good thing. It's like saying we can use 3d printers to create 3d printed guns. The tool is fantastic but when you give people shitty ideas there is consequences to these kind of articles. Unfortunately a certain amount of people after reading the article may decide they want to try developing some maleware, just because they can. This was my point, if you don't agree than we can agree to disagree.
ComonSense ? 😆. You're obviously not realizing that the standard argument of all those who like censoring is : "Oh ! This is for your own good !". You're one of those... Then the FBI contacts you about the Hunter Biden shitshow and you oblige without even thinking twice... Go work for YouTube, enforcing "community guidelines" - you're a perfect match, buddy !
And btw, those with malware on their minds will use AI whether you advertise it or not. For all the others, it's just interesting information (that you would rather see suppressed)... People are not children. They don't need you to protect them.
 

CommonSense

Posts: 17   +7
When people only read what they wanna hear ... Its not about censoring free speech, or political figures / ideas. That should NEVER happen. Let me re-explain since clearly you need it. The media has a responsibility, the same thing they have when a school shooter kills a bunch of people to NOT publish his name so as to not entice other school shooters to clout chase or do it for fame. This isn't "for your own good" it has nothing to do with that, its simply to increase PUBLIC SAFETY, and no I'm not talking lie to me about a vaccine to increase public saftey .... that is also different. The point here is articles like this can/probably will increase the maleware on the internet and do so proficiently as well. For this reason alone I personally think the article does more damage than good. I'm not exactly sure what "good" if any its doing other than informing us for the 1100th time on another chatgpt function except one that can be used for bad purposes and doesn't help anyone except the criminal trying to steal your money.
ComonSense ? 😆. You're obviously not realizing that the standard argument of all those who like censoring is : "Oh ! This is for your own good !". You're one of those... Then the FBI contacts you about the Hunter Biden shitshow and you oblige without even thinking twice... Go work for YouTube, enforcing "community guidelines" - you're a perfect match, buddy !
And btw, those with malware on their minds will use AI whether you advertise it or not. For all the others, it's just interesting information (that you would rather see suppressed)... People are not children. They don't need you to protect them.
 

AndreV

Posts: 18   +6
Bad press for such an amazing tool! Techspot should consider removing this article. Not only does it promote a way for the average person to create malware but it tarnishes a productivity tool that once used most developers won't want to go without. I did 10 hours of programming in about 30 minutes the other day.... Say what you will this tool is absolutely amazing!
If the article present an extreme negative perspective, your is on the opposite spectrum - an extreme positive(gullible) one. ChatGPT is a tool, and like any other tool it takes its value by how people are using it, especially those in power, and any intelligent people knows that power, by implication, is usually abused, and also almost anybody make stupid things.