From now on launch The ChatGPT AI bot has been tested on a wide range of tasks: it not only answers questions, but also writes technical articles, essays, poetry, and computer code. As it turned out, the latter should be paid close attention, because this code can be malicious if the user sets such a task for artificial intelligence.
Image source: Moritz Erken / unsplash.com
Cybersecurity experts at Check Point Research have published report, which described how members of hacker forums use ChatGPT to write malicious code and phishing emails – some of these people have little or no programming experience at all. One of the examples above describes a Python script that, with some tweaking, can be turned into ransomware that can encrypt data on a user’s computer. Another Python script created by ChatGPT searches for files of a given type, for example, PDF, on the local machine, compresses them and sends them to the server of a potential attacker – this is a standard information theft scenario.
In Java, the neural network has created a code that performs a hidden download of the PuTTY SSH and telnet client for the subsequent launch of the PowerShell interface. In another example, a script written by ChatGPT was intended to launch an online trading platform where compromised accounts, bank card data, malware and other virtual goods that are sold on the dark web are bought or exchanged. The script was connected to a third-party interface to obtain up-to-date data on the quotes of the most popular cryptocurrencies to simplify calculations.
Check Point Research researchers themselves tried to use a neural network to simulate a hacker attack – AI “did not fail.” The bot kindly crafted a convincing phishing email for them, informing them that their account had been blocked from one of the hosts and suggesting that they open the attached Excel file. After several attempts, ChatGPT also wrote a malicious VBA macro embedded in this file. But the Codex specialized AI code generation system turned out to be a much more powerful tool, with which the researchers received a whole set of malware: the Reverse Shell interface and scripts for port scanning, sandbox detection, and compilation of Python code into a Windows executable file.
If you notice an error, select it with the mouse and press CTRL + ENTER.