
Since its beta launch in November, the AI chatbot ChatGPT has been used for a wide range of tasks, including writing poetry, technical papers, novels and essays, planning parties, and learning new topics. Now malware development and the pursuit of other types of cybercrime can be added to the list.
Researchers at security firm Check Point Research reported Friday that within weeks of ChatGPT going live, participants in cybercrime forums, some with little or no coding experience, were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks.
“It is still too early to tell whether ChatGPT functionality will become a new favorite tool for dark web participants,” the company’s researchers wrote. “However, the cybercriminal community has already shown great interest and is diving into this latest trend of generating malicious code.”
Last month, a forum participant posted what they claimed was the first script they had written, describing the AI chatbot as “awesome” and crediting it with a helping hand in finishing the script.

The Python code combined various cryptographic functions, including code signing, encryption, and decryption. One part of the script generated a key for signing files using elliptic curve cryptography and the curve ed25519. Another part used a hard-coded password to encrypt system files using the Blowfish and Twofish algorithms. A third part used RSA keys and digital signatures, message signing, and the blake2 hash function to compare various files.
The result was a script that could be used to (1) decrypt a single file and append a message authentication code (MAC) to the end of the file, and (2) encrypt a hardcoded path and decrypt a list of files received as an argument. Not bad for someone with limited technical skills.
“Of course, all of the aforementioned code can be used in harmless ways,” the researchers wrote. “However, this script can easily be modified to completely encrypt someone’s machine without user interaction.”
In another case, a forum participant with a more technical background posted two code samples written using ChatGPT. The first was a Python script for post-exploit information stealing. It searched for specific file types, such as PDFs, copied them to a temporary directory, compressed them, and sent them to an attacker-controlled server.

This individual posted a second piece of code, written in Java. It surreptitiously downloaded the SSH and telnet client PuTTY and ran it using PowerShell. “Overall, this person appears to be a tech-oriented threat actor. The purpose of his post is to teach low-tech cybercriminals how to use ChatGPT for malicious purposes and to show real-life examples that they can quickly use.”

Yet another example of crimeware produced with ChatGPT was designed to create an automated online bazaar for buying or trading credentials for compromised accounts, payment card data, malware, and other illegal goods and services. The code used third-party programming interfaces to obtain current prices for cryptocurrencies such as Monero, Bitcoin, and Ethereum. This helped users set prices when processing purchases.

Friday’s post comes two months after Check Point researchers attempted to develop AI-generated malware with a complete infection flow. They generated a fairly convincing phishing email without writing a single line of code.

Researchers used ChatGPT to develop malicious macros hidden in Excel files attached to emails. Again, they didn’t write a single line of code. Initially, the output script was rather primitive:

Screenshot of ChatGPT generating the first iteration of the VBA script.
However, when the researchers instructed ChatGPT to iterate on the code a few more times, the code quality improved significantly.

Researchers then used a more advanced AI service called Codex to develop other types of malware, including a reverse shell and scripts for port scanning, sandbox detection, and compiling Python code into Windows executables.
“And just like that, the infection flow was completed,” the researchers wrote. “I created a phishing email with an attached Excel document containing malicious VBA code that downloaded a reverse shell onto the victim machine.”
ChatGPT’s terms prohibit use for illegal or malicious purposes, but the researchers had no problem adjusting their requests to get around these restrictions. Of course, ChatGPT can also be used by defenders to write code that searches for malicious URLs in files, or that queries VirusTotal for the number of detections of a particular cryptographic hash.
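The two defender tasks just mentioned, sketched as an added example (not code from Check Point or from the article): it pulls URLs out of a file body, including analyst-defanged ones, matches their hosts against a blocklist, and prepares a VirusTotal API v3 file-report lookup for the file's SHA-256 without sending it. The function names, blocklist domains, file body, and report excerpt are all constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Matches plain and defanged ("hxxp") URLs.
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s\"'<>]+", re.IGNORECASE)

def extract_urls(data: bytes) -> list:
    """Return URLs found in a file body, undoing common defanging first."""
    text = data.decode("utf-8", errors="replace")
    text = text.replace("[.]", ".").replace("(.)", ".")
    urls = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;)")          # drop trailing punctuation
        urls.append(re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE))
    return urls

def flagged_urls(data: bytes, blocklist: set) -> list:
    """Keep URLs whose host is a blocklisted domain or a subdomain of one."""
    hits = []
    for url in extract_urls(data):
        host = (urlsplit(url).hostname or "").lower()
        if any(host == bad or host.endswith("." + bad) for bad in blocklist):
            hits.append(url)
    return hits

def vt_file_request(data: bytes, api_key: str) -> tuple:
    """Build (without sending) a VirusTotal API v3 file-report lookup."""
    sha256 = hashlib.sha256(data).hexdigest()
    return ("https://www.virustotal.com/api/v3/files/" + sha256,
            {"x-apikey": api_key})

def detection_count(report: dict) -> tuple:
    """Return (engines flagging the file as malicious, engines reporting)."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    return stats.get("malicious", 0), sum(stats.values())

# Constructed sample inputs: example domains, file body, and report excerpt.
BLOCKLIST = {"malicious.example", "c2.example.net"}
SAMPLE_FILE = (b"fetch hxxps://cdn.malicious[.]example/a.ps1, then read "
               b"https://docs.python.org/3/ and http://C2.example.net:8080/x.")
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 41, "suspicious": 2, "undetected": 25, "harmless": 0}}}}

if __name__ == "__main__":
    print(flagged_urls(SAMPLE_FILE, BLOCKLIST))
    print(vt_file_request(SAMPLE_FILE, "YOUR_API_KEY")[0])
    print(detection_count(SAMPLE_REPORT))
```

Matching on the parsed hostname rather than on the raw string keeps a blocklisted name that appears only in a path or query from producing a hit.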
Welcome to the wonderful new world of AI. It is too early to know exactly how it will shape the future of offensive hacking and defensive remediation, but we are confident that it will only intensify the arms race between defenders and threat actors.