Cybercriminals are already using OpenAI’s chatbot ChatGPT to build hacking tools, according to security analysts.
One documented example was discovered by Israeli security firm Check Point.(opens in new window) A thread on a popular underground hacking forum by a hacker who said he was experimenting with “recreating a strain of malware” with a popular AI chatbot.
Hackers compressed Android malware created by ChatGPT and shared it on the web. This malware had the ability to steal targeted files. forbes report(opens in new window).
The same hacker showed off another tool that could install a backdoor on your computer and infect your PC with more malware.
Checkpoints pointed out in the evaluation(opens in new window) About how some hackers used ChatGPT to write their first scripts. On the aforementioned forum, another user stated that they can encrypt files and shared the Python code that was created using ChatGPT. This code, he said, was the first code he wrote.
Such code could be used for harmless reasons, but Check Point says it “can be easily modified to completely encrypt someone’s machine without user interaction.”
The security firm said that ChatGPT-encoded hacking tools look “fairly basic,” but that “it’s only a matter of time before more sophisticated attackers improve how they exploit AI-based tools.” ” he emphasized.
The third case where ChatGPT was used for fraud flagged by Check Point involved cybercriminals who showed they could use AI chatbots to create dark web marketplaces. The hacker posted on an underground forum that he used ChatGPT to create code that used his API from a third party to get the latest cryptocurrency prices. It is used for dark web market payment systems.
OpenAI, developer of ChatGPT, has implemented some controls to prevent apparent claims of AI creating spyware. But AI chatboxes came under more scrutiny after security analysts and journalists discovered they could craft typo-free, grammatically correct phishing emails.(opens in new window).
OpenAI did not immediately respond to requests for comment.
do you like what you are reading?
Apply security watch Get a newsletter of top privacy and security stories delivered to your inbox.