Security researchers performed a full infection flow using ChatGPT in December, from crafting a convincing spear-phishing email to running a reverse shell capable of accepting English-language commands.
At the time, the question arose whether this was just a hypothetical threat or whether there were already threat actors using OpenAI technologies for malicious purposes. Analysis of several major underground hacking communities conducted by Check Point Research (CPR) shows that cybercriminals are already beginning to use OpenAI to develop malicious tools. As suspected by the security experts, some of the cases clearly showed that many cyber criminals using OpenAI have no development skills at all. While the tools featured in this report are fairly basic, it's only a matter of time before more sophisticated threat actors improve the way they can use AI-based tools to do damage.
ChatGPT for cyber scams
On December 29, 2022, a thread titled “ChatGPT – Benefits of Malware” appeared on a popular underground hacking forum. The thread author revealed that he was experimenting with ChatGPT to emulate malware strains and techniques described in research publications and popular malware reports. As an example, he shared the code of a Python-based stealer that looks for common file types, copies them to a random folder inside the Temp folder, packs them into a ZIP format, and uploads them to a hardcoded FTP server. Also, on December 21, 2022, a threat actor identified as USDoD posted a Python script that he stressed was the first script he had ever created. Another example of ChatGPT being used for fraudulent activity was posted on New Year's Eve 2022, showing a different type of cybercriminal activity. While the first two examples focused more on malware-oriented usage of ChatGPT, this example shows a discussion titled "Abusing ChatGPT to create Dark Web Marketplaces scripts".
Conclusion
It's still too early to tell whether or not ChatGPT skills will become the new favorite tool of participants on the dark web. However, cyber criminals have already shown significant interest and are jumping on this latest malicious code generation trend. CPR will continue to pursue these activities in 2023.
More at Checkpoint.com
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.