12 Jan. (Portaltic/EP) –
Researchers have discovered that cybercriminals have started using the ChatGPT Artificial Intelligence (AI) tool, developed by OpenAI, to recreate strains of ‘malware’ and run malicious software attacks.
ChatGPT is an artificial intelligence chat developed by OpenAI, trained to hold a text conversation. It is a chat that is based on the GPT 3.5 language model, and in recent days it has been surprising for the naturalness of its responses and for its ability to generate and link ideas and remember previous conversations.
To be able to use this chatbot, it is only necessary to have an OpenAI account, a place from where can be downloaded for free. The accessibility to this tool is what has alerted cybersecurity companies, such as Check Point.
At the end of last December and given the growing interest in ChatGPT, the technical director of Check Point ‘software’, Eusebio Nieva, warned that “anyone with minimal resources and zero knowledge of code You can easily exploit it.”
Now, a group of researchers from this cybersecurity company has found indications that malicious actors are using ChatGPT to execute ‘malware’ campaigns using usual methods used in this type of actions, which he collects in a publication on his official blog.
was the past December 29 when a thread called ‘ChatGPT – Malware Benefits’ appeared on an underground hacking forum, in which its author shared his experiments with this chatbot.
“I have recreated many strains and techniques of ‘malware’ based on research publications and analysis of these attacks,” said this actor. In turn, he commented that he had used a malicious ‘software’ based on Python to search for files, copy them to a folder, compress them and upload them to an encrypted FTP server.
After carrying out a series of tests, the researchers verified that the cybercriminal was correct and that he could create a ‘malware’ capable of collecting Microsoft Office files, PDFs or system images.
In case it finds a file of interest, it copies it to a temporary directory, compresses it and shares it over the web, in addition, without adding encryption. This means that by transferring these files without such a security system, these files could also end up in the hands of third parties.
check point found other evidence of misuse of ChatGPT by this threat actor in the creation of a Java snippet. It downloads a common SSH client, putty, and runs it covertly, using Powershell.
The company points out that this ‘script’ can be modified to download and run any program, including the most common ‘malware’ families.
On the other hand, CheckPoint has intercepted another cybercriminal, going by the nickname USDoD, who said via the same hacking forum that he had just created his first Python-based script.
After another user commented in this space that the code style was similar to that of OpenAI, this malicious actor suggested that it had served him well. finish that script. After carrying out the pertinent checks, the cybersecurity company specified that it was a ‘script’ that could be used for encryption and encryption purposes, but also for malicious purposes.
CheckPoint has also qualified in its blog that it intercepted another type of use of this chatbot, beyond that which is oriented towards ‘malware’. Specifically, he verified that it could be used to create ‘scripts’ focused on dark web markets.
These platforms are used for the sale of illegal products or tangible goods, such as medicines, false documents, fraud-related items, and hacking tools.
Finally, the cybersecurity company has commented that at the beginning of this year several threat actors mentioned bad practices with ChatGPT in this type of forum. Then, cybercriminals became more interested in generating counterfeit art with DALL-E 3 and sell it through legitimate platforms, such as Etsy.