In a recent report, Israeli cybersecurity company Check Point warned that cybercriminals are already using ChatGPT to develop malicious programs on the Dark Web. According to Check Point, ChatGPT makes it possible for even unskilled threat actors to create functioning malware.
CPR’s analysis of several major underground hacking communities shows that there are already first instances of cybercriminals using OpenAI to develop malicious tools. As we suspected, some of the cases clearly showed that many cybercriminals using OpenAI have no development skills at all.
Check Point researchers found indeed at least three distinct such cases, ranging from exfiltrating scripts to ransomware-enabling encryption tools and including a marketplace to support fraudulent schemes.
In the first case, a seemingly skilled threat-actor leveraged ChatGPT capacity to translate from one language into another to recreate malware strains known from research publications. The key to get a functioning malicious script is to specify exactly what the program should do using pseudo-code, they noted. They shared a Python script able to search for a number of known file types, zip them, and send the zip over the Internet. In addition, they showed a Java program able to download PuTTY, a popular telnet/SSH client for Windows, and run it on the system.
Another threat-actor created a Python program to encrypt and decrypt files. While the script was just a collection of function, Check Point researchers noted it could be easily transformed into a tool for ransomware. In this case, the threat-actor stated it was their first attempt at writing a script.
In a third case, ChatGPT was used to create a marketplace to enable fraudulent activity, such as trading illegal or stolen goods, including accounts or credit cards and so on, using cryptocurrencies for transaction payments.
To illustrate how to use ChatGPT for these purposes, the cybercriminal published a piece of code that uses third-party API to get up-to-date cryptocurrency (Monero, Bitcoin and Etherium) prices as part of the Dark Web market payment system.
Check Point researchers admit that the ChatGPT-generated malware they identified on the Dark Web is still pretty basic, but, they say, it is only a matter of time until more sophisticated actors find their way to launch ChatGPT-enabled attacks. To make this point more cogent, they described in another article a number of techniques that can be used to create full phishing flows, including a plausible mail and an Excel file embedding malicious VBA code. Additionally, they could create a port scanning script, a reverse shell, and a sandbox detection tool. In some cases, common English knowledge was enough to get a functioning program out of ChatGPT.