You can see previous news in the old version of the news blog. Watch
Hackers use ChatGPT AI bot to create viruses.
Since its launch, the ChatGPT AI bot has been tested on a wide range of tasks: it not only answers questions, but also writes technical articles, essays, poetry, and computer code. As it turned out, the latter should be paid close attention, because this code can be malicious if the user sets such a task for artificial intelligence.
Cybersecurity experts at Check Point Research published a report showing how members of hacker forums are using ChatGPT to write malicious code and phishing emails - some of these people have little or no programming experience. One of the examples above describes a Python script that, with some tweaking, can be turned into ransomware that can encrypt data on a user's computer. Another Python script created by ChatGPT searches for files of a given type, for example, PDF, on the local machine, compresses them and sends them to the server of a potential attacker - this is a standard information theft scenario.
In Java, the neural network has created a code that performs a hidden download of the PuTTY SSH and telnet client for the subsequent launch of the PowerShell interface. In another example, a script written by ChatGPT was intended to launch an online trading platform where compromised accounts, bank card data, malware and other virtual goods that are sold on the dark web are bought or exchanged. The script was connected to a third-party interface to obtain up-to-date data on the quotes of the most popular cryptocurrencies to simplify calculations.
Check Point Research researchers themselves tried to use a neural network to simulate a hacker attack - AI "did not fail." The bot kindly crafted a convincing phishing email for them, informing them that their account had been blocked from one of the hosts and suggesting that they open the attached Excel file. After several attempts, ChatGPT also wrote a malicious VBA macro embedded in this file. But the Codex specialized AI code generation system turned out to be a much more powerful tool, with which the researchers received a whole set of malware: the Reverse Shell interface and scripts for port scanning, sandbox detection, and compilation of Python code into a Windows executable file.