OpenAI logo displayed on a phone screen and ChatGPT website displayed on a laptop screen.

Writing poetry, technical papers, novels, and essays, planning parties, and learning about new topics are just a few of the tasks that have been accomplished with the help of the artificial intelligence (chat) bot. We can now include the pursuit of other types of cyber crime.

Some people with little or no coding experience were using it to write software and emails that could be used for espionage, according to researchers.

According to company researchers, it is too early to say whether or not the new favorite tool for participants in the dark web will be ChatGPT. The cybercriminal community is jumping into this latest trend to create malicious code.

Last month, one forum participant posted what they claimed was the first script they had written and credited the chatbot with helping to finish the script with a nice scope.

A screenshot showing a forum participant discussing code generated with ChatGPT.
Enlarge / A screenshot showing a forum participant discussing code generated with ChatGPT.

The Python code has a lot of functions that are related to ciphers. The part of the script that generated a key used elliptic curve cryptography. The part used a password that was hard to guess. RSA keys and digital signatures were used by a third.

The result was a script that was able to be used to decrypt a single file, as well as a hardcoded path and a list of files that it received as an argument. Not bad for a person with limited skills.

Advertisement

The researchers said that all of the code can be used in a benign way. This script can easily be changed to make it impossible for someone to use their machine. If the script and syntax problems are fixed, it can turn the code into a computer hacker's nightmare.

Two code samples were posted by a forum participant with a more technical background A Python script was used to steal information. In order to find specific file types, it copied them to a temporary directory, compressed them, and sent them to an attacker-controlled server.

Screenshot of forum participant describing Python file stealer and including the script produced by ChatGPT.
Enlarge / Screenshot of forum participant describing Python file stealer and including the script produced by ChatGPT.

A second piece of code was posted by a person. Powershell was used to run the PuTTY client. This individual seems to be a tech-oriented threat actor, and the purpose of his posts is to show less technically capable criminals how to use ChatGPT for malicious purposes, with real examples they can immediately use.

A screenshot describing the Java program, followed by the code itself.
Enlarge / A screenshot describing the Java program, followed by the code itself.

Another example of crimeware was designed to create an automated online bazaar for buying and selling credentials for compromised accounts. The code uses a third-party interface to retrieve the current prices of cryptocurrencies. The user was able to set prices when buying things.

Screenshot of a forum participant describing marketplace script and then including the code.
Enlarge / Screenshot of a forum participant describing marketplace script and then including the code.

The post came two months after Check Point researchers tried to develop an artificial intelligence-produced piece of malicious software. They did not write a single line of code.

Advertisement
A phishing email generated by ChatGPT.
Enlarge / A phishing email generated by ChatGPT.

A malicious macro that could be hidden in an excel file was developed by the researchers. They didn't write a line of code again. The outputted script was a bit primitive.

Screenshot of ChatGPT producing a first iteration of a VBA script.
Screenshot of ChatGPT producing a first iteration of a VBA script.

The quality of the code vastly improved when the researchers were told to make more changes.

A screenshot of ChatGPT producing a later iteration.
Enlarge / A screenshot of ChatGPT producing a later iteration.

A reverse shell and script for port scanning were used by the researchers to develop other types of malicious software.

The researchers said that the infection flow was complete. A reverse shell was downloaded to the machine from the attached excel document. All that is left for us to do is execute the attack, because the hard work was done by the artificial intelligences.

The researchers were able to modify their requests to get around the restrictions on the use of the term. It's possible for defenders to write code that searches for malicious URLs inside files or ask for the number of detections for a specific cipher.

Welcome to the new world of artificial intelligence. It is too early to know how it will affect the future of offensive hacking, but it is likely that it will intensify the arms race between defenders and threat actors.