It’s a worrying trend: hackers have also taken over ChatGPT and some are using it to create phishing emails and malware in seconds. The beginning of a new era ?
It was to be expected, generative AIs are already being used to design malware at lightning speed. And it is worrying.
In a blog post published a few days ago, Check Pont Research sounded the alarm: cybercriminals have also realized the value of OpenAI’s powerful tool and are already using it to design new malware. Worse, perhaps: the individuals who work on these programs are not seasoned developers… Rather kiddies script which compensate for their weaknesses in code with the prowess of ChatGPT.
File theft, ransomware: when ChatGPT helps cybercriminals
On a forum frequented by cybercriminals pointed out by Check Point, we can thus discover the work of several “hackers” who have taken advantage of the OpenAI service for disastrous projects. One of them, for example, has developed, thanks to the bot, software capable of stealing files from a machine (a stealer) Windows. It is able to scan the computer for 12 specific file types (PDF, images, Office documents, etc.) and then zip them into a password-protected file before sending it to the cloud. It is a very basic malware for the moment, but the individual writes that he is only at the beginning of his research, and that he intends to improve his program in order, in particular, to allow him to escape antivirus monitoring.
On the same forum, another hacker managed to design a Python script capable of encrypting and decrypting files on the fly. A code that Check Point considers “benign” as it is, but which could easily be transformed into a ransomware tool.
A boon for phishing
Ideas are flowing, in any case: some also use it with the idea of creating a shop for illegal goods on the Dark Web in a few clicks, or even to generate fake content (e-books, training, etc.) that they will then sell on the Web. ChatGPT is also a great way to craft high-quality phishing emails in the hacker’s target language. Do you want a fake EDF reminder letter in perfectly correct French? ChatGPT can write you that in seconds.
Yes, the malicious codes mentioned above are rather basic and would make any security expert smile. But the concern is elsewhere. By making it easier to create malicious code like creating phishing emails, ChatGPT will give unskilled cybercriminals new opportunities to steal and encrypt your files… or scam you in some way. And this is very bad news.
Check Point Research