ChatGPT Used By Cybercriminals to Write Malware
OpenAI’s new ChatGPT AI-powered chatbot is being used by cybercriminals to write malware and improve operations.
Sign up forfree
Forgot your password?
Create an account
*Required: 8 chars, 1 capital letter, 1 number
By continuing, you agree to thePrivacy PolicyandTerms of Use.You also agree to receive our newsletters, you can opt-out any time.
Cybersecurity experts from Check Point Research have found hackers using the ChatGPT chatbot to write malicious code and improve upon cybercrime operations.
On November 30, 2022, OpenAI launched its own chatbot known as ChatGPT. This chatbot can engage in conversation with users, but it didn’t take long after the launch date for cybercriminals to begin abusing this bot.
In aCheck Point Research post, it was written that researchers had found a thread named “‘ChatGPT – Benefits of Malware’” on a hacking forum. The author seemed to be “experimenting with ChatGPT to recreate malware strains and techniques described in research publications and write-ups about common malware”, and shared an example of their work; a Python-based stealer that “searches for common file types, copies them to a random folder inside the Temp folder, ZIPs them and uploads them to a hardcoded FTP server.”
Check Point Research alerted the public on Twitter, stating that “The abuse of #ChatGPT in no longer theoretical”.
Check Point Research Has Verified the Author’s Claims
After assessing the malware script example provided in the hacking forum post, Check Point Research determined that it was legitimate.
It was found that this specific strain of malware can search for twelve common file types, including PDFs, Microsoft Office documents, and images. If the malware discovers any potentially valuable files, they are copied and zipped. The malware operator is then sent the copied files via an online connection.
Check Point Research also noted that the malware operator did not encrypt the copied files or send them securely, meaning they may fall into the hands of third parties.
ChatDPT Is Being Used for Additional Illicit Activities
Check Point Research also stated in the aforementioned post that threat actors can use ChatGPT for other criminal activities. An additional discussion, titled “Abusing ChatGPT to create Dark Web Marketplaces scripts.”, was found by Check Point Research, in which the author showed how easy it is to create a Dark Web marketplace, using ChatGPT."
In the thread, the author published code that can receive live cryptocurrency prices using a third-party API. This then contributed towards thecrypto-based payment systems often used on the dark web.
Check Point Research concluded that “It’s still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web.” The company will continue to monitor the illicit use of ChatGPT throughout 2023 to see how things play out.
Artificial Intelligence May Continue to Be Leveraged by Cybercriminals
As artificial intelligence continues to develop, it’s likely that threat actors will continue to seek new ways to abuse it. Time will tell whether ChatGPT becomes popular among cybercriminals, or whether another AI-based tool will take the cake.
Unlock a world of entertainment possibilities with this clever TV hack.
Not all true crime is about hacking, slashing, and gore.
Obsidian finally feels complete.
You can’t call this offline, Notion.
My foolproof plan is to use Windows 10 until 2030, with the latest security updates.
If an AI can roast you, it can also prep you for emergencies.
