Ever since it was launched in November last year, ChatGPT’s generative AI bot has garnered a considerable fan following and a massive user base, who have used it for a variety of tasks – from writing poems, technical papers, essays, and even novels, to using the service as a conversational search engine, the AI bot has been one of the most significant pieces of tech to have been launched last year. Software developers also used ChatGPT to write some basic code.
A new report by Check Point Research, a digital security firm, revealed that cybercriminals and hackers are using AI Bots. The report by Check Point research showed that within a few weeks of ChatGPT going life, participants in cybercrime forums were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks even though most of them had little or no coding experience.
“It’s still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web,” company researchers wrote. “However, the cybercriminal community has already shown significant interest and is jumping into this latest trend to generate malicious code.”
Last month, one forum participant posted what they claimed was the first script they had written and credited the AI chatbot with providing a “nice [helping] hand to finish the script with a nice scope.” In another case, a forum participant with a more technical background posted two code samples, both written using ChatGPT. The first was a Python script for post-exploit information stealing. It searched for specific file types, such as PDFs, copied them to a temporary directory, compressed them, and sent them to an attacker-controlled server.
Another example of ChatGPT-produced crimeware was designed to create an automated online bazaar for buying or trading credentials for compromised accounts, payment card data, malware, and other illicit goods or services.
The researchers at Check Point also tried creating malware using AI generation and could do it successfully without writing a single line of code. What was worrying about their experience was that they made a phishing email that looked very sophisticated and almost impossible to discern.
The researchers had little issue modifying their requests to get around such restrictions, even though ChatGPT regulations prohibit its usage for illicit or evil reasons. Of course, defenders may also utilize ChatGPT to create code that scans files for dangerous URLs.