Criminals are increasingly exploiting DeepSeek and Qwen. They use jailbreaking techniques to create their malicious content to commit financial and information theft and spread spam. Hackers share their methods with each other.
Check Point Software Technologies is already seeing the first cases of abuse of the new AI models: Following the launch of DeepSeek and Qwen, security researchers at Check Point Research (CPR) observed that cybercriminals quickly switched from ChatGPT to these new platforms to develop malicious content. Hackers are sharing information about how to manipulate the models and display uncensored content, and there are many methods for removing censorship from AI models. These include detailed guides for jailbreaking methods, circumventing anti-fraud measures, and developing malware themselves.
AI: Powerful tools for creating malicious content
Both Qwen and DeepSeek have proven to be powerful tools for creating malicious content with minimal restrictions. While ChatGPT has invested significantly in anti-abuse measures over the past two years, these newer models appear to offer little resistance to abuse. This attracts the interest of attackers at various levels, especially those with lower levels of skill who leverage existing scripts or tools without a deep understanding of the underlying technology.
It's important to note, however, that despite ChatGPT's anti-abuse protection mechanisms, uncensored versions of ChatGPT are already available in various repositories on the dark web. However, as these new AI models gain popularity, similar uncensored versions of DeepSeek and Qwen are expected to emerge, further increasing the associated risks.
Cyber criminals have repeatedly used Qwen to create various infostealers, primarily designed to intercept sensitive information from unsuspecting users.
Jailbreaking Prompts
Jailbreaking refers to methods that allow users to manipulate AI models to generate uncensored or unrestricted content. This tactic has become a preferred technique for exploiting AI capabilities for malicious purposes.
Bypassing Banking Protections
Several chat discussions were found about techniques for using DeepSeek to bypass banking systems' protections, indicating the potential for significant financial theft.
Distribution of spam in masses
Cybercriminals use three AI models – ChatGPT, Qwen, and DeepSeek – to optimize scripts for mass spam distribution, thus increasing the efficiency of their malicious activities.
The dark side of advanced AI tools
The rise of AI models like Qwen and DeepSeek marks a worrying trend in the cyber world, where sophisticated tools are increasingly being misused for malicious purposes. As hackers use advanced techniques like jailbreaking to circumvent security measures and develop information theft, financial theft, and spam distribution, organizations urgently need to implement preventative defenses against these evolving threats to ensure robust protection.
More at CheckPoint.com
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.
Matching articles on the topic