Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Cybercriminals Use ChatGPT to Create Malware

February 28, 2023

The Express Tribune published a post on February 10 citing research by threat intelligence company Check Point Research.

While Open AI has imposed restrictions on how the ChatGPT can be used, posts on a dark web hacking forum revealed that it can still be used to create malware.

Anonymous users on the forum have told viewers how they can achieve this, like “the key to getting it to create what you want is by specifying what the program should do and what steps should be taken, consider it like writing pseudo-code for your comp[uter] sci[ence] class.”

Using this method, hackers can create a “python file stealer that searches for common file types “that can automatically self-delete after files have been uploaded or an error is encountered while the program is running. The method is designed to remove any evidence of hacking.”

A user on the platform also shared their experience creating a dark web marketplace script, which can be used for various purposes including selling personal information obtained through data breaches, selling illegally obtained card information, or even selling cybercrime-as-a-service products.

Users agree that ChatGPT is a great way to “make money”, claiming they made more than $1,000 per day. Forbes believes hackers did so by impersonating women to enact social engineering attacks on vulnerable targets.

Cybersecurity experts have already told Cyber Security Hub that, according to their forecast, the top cyber security threat of 2023 would be crime-as-a-service, and ChatGPT has expedited the process by creating malware for free.

Further information may be found on a February 25 post from Insider. Misuse of ChatGPT, now powering Bing’s already troubling chatbot, concerns experts who see the potential for chatbots to help construct phishing, malware and hacking attacks.

A February survey from cybersecurity company Blackberry shows that, of 1500 cybersecurity experts, 74% said they worried about ChatGPT aiding in cybercrime. 71% believed ChatGPT may already be in use by nation-states to attacking other counties through hacking and phishing attempts.

Experts are currently considering whether companies like Open AI might bear some responsibility for its product’s involvement in crimes.

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology