Cybercrooks starting to use ChatGPT, say researchers

Just over a month after the release of the AI-powered chatbot, ChatGPT, cybercrooks are boasting of using the application to create new weapons.

Check Point Software researchers say conversations on several major underground hacking communities show many cybercriminals with no development skills are using ChatGPT to create basic tools.

“It’s only a matter of time until more sophisticated threat actors enhance the way they use AI-based tools for bad,” the researchers add.

ChatGPT is touted as a query tool trained to determine what humans mean when they ask a question and respond accordingly. Experts point out that threat actors could use it to create new malware and reverse-engineer security applications.

Examples of the ChatGPT-related work of threat actors that Check Point discovered include:

— a Dec. 29 thread from a person who shared the code of a Python-based information stealer that searches an infected computer for common file types, copies them to a random folder inside the Temp folder, ZIPs them and uploads them to a hardcoded FTP server;

Check Point analyzed the published code and confirmed the cybercriminal’s claims. “It is worth noting that the actor didn’t bother encrypting or sending the files securely, so the files might end up in the hands of 3rd parties as well,” the researchers add;

— a second script created by the same person using ChatGPT, a simple Java snippet that downloads PuTTY, a very common SSH and telnet client, and runs it covertly on the system using PowerShell. This script can be modified to download and run any program, including common malware families.

The purpose of this person’s posts is to show less technically capable cybercriminals how to utilize ChatGPT for malicious purposes, the researchers say, with real examples they can immediately use.

– a Dec. 21 post by a threat actor dubbed USDoD, who claimed the included Python script was the first he ever created. Check Point researchers described it as “a hodgepodge of different signing, encryption and decryption functions.”

At first glance, they said, the script seems benign, but it implements a variety of different functions including generating a cryptographic key that is used in signing files, and using a hard-coded password to encrypt files in a hacked system using the Blowfish and Twofish algorithms concurrently in a hybrid mode. These functions allow the user to encrypt all files in a specific directory or a list of files;

– a Dec. 31 thread where a cybercriminal shows how easy it is to create a Dark Web marketplace using ChatGPT. The author showed a piece of code that uses third-party APIs to get up-to-date cryptocurrency (Monero, Bitcoin and Ethereum) prices as part of the Dark Web market payment system;

– this month, several threat actors opened discussions in additional underground forums that focused on how to use ChatGPT for fraudulent schemes, the report says. Most focused on generating random art with another OpenAI technology, DALL-E 2, and selling them online using legitimate platforms like Etsy. In another example, the threat actor explains how to generate an e-book or short chapter for a specific topic — using ChatGPT — and sell this content online.

“It’s still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web,” Check Point concedes. “However, the cybercriminal community has already shown significant interest and are jumping into this latest trend to generate malicious code.”

The post Cybercrooks starting to use ChatGPT, say researchers first appeared on IT World Canada.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

