2023 will definitely be the year of artificial intelligence: somewhat suddenly, starting from the end of last year, we realized how AI can help make better movies, enhance online search engines, do school homework, and even chat (virtually) with Elon Musk, Barack Obama or even Elizabeth II.

Many possibilities, and many others will certainly appear in the coming months, but also many risks, as we have often written on Italian Tech. One is linked to cybersecurity: as explained by Check Point Software, an Israeli company active in the field of cybersecurity, LLMs such as ChatGPT can be used to build cyberattack tools from scratch. And in a relatively simple way.

Creating malware with ChatGPT: easy for (almost) everyone

Analysts from Check Point's CPR division noted that they have observed “the first cases of cybercriminals and users using ChatGPT to develop dangerous tools” and that in underground hacking forums (image above), so-called infostealers (software that facilitates theft of personal information), encryption tools and other tools are already being created to facilitate fraudulent activities.

In particular, right at the end of 2022, a thread titled “ChatGPT – Benefits of Malware” appeared on a popular underground hacking forum. Its author revealed that he is busy with some tests to recreate malware through the popular AI, also to “demonstrate to less technically capable cybercriminals how to use it for malicious purposes, with real examples to apply immediately”.

In another thread, a person showed off a Python script, described as “the first script I’ve ever created”, confirming that the OpenAI tool gave him “a big hand finishing it”. This demonstrates that potential cybercriminals with little or no development skills could exploit ChatGPT to develop malicious tools and engage in this activity. It is already a profitable activity: on the Dark Web there are also discussions titled “Guide to making 1000 dollars a day with ChatGPT” or “How to make $600 with ChatGPT”.

Creating phishing emails with ChatGPT: how to do it

To prove how simple it is, Check Point staff also tried using ChatGPT to create phishing emails and malicious code: using OpenAI's AI, the CPR researchers were able to create an email with an attached Excel document containing malicious code capable of opening what in jargon is called a reverse shell (put simply, it is used to remotely take control of a computer).

A CPR analyst first asked ChatGPT to impersonate a hosting company; then he asked ChatGPT to repeat the procedure, this time creating a phishing email with a malicious Excel attachment; finally he asked ChatGPT to create malicious VBA code within an Excel document, which is what the hypothetical criminal would attach to the hypothetical email sent to potential victims.

Sergey Shykevich, head of the Threat Intelligence team at Check Point, recalled that “ChatGPT was designed for a good purpose, to assist developers in writing code, but it can also be used for dangerous purposes” and that “in recent weeks we have been observing criminals starting to use ChatGPT to write malicious code, giving them the potential to speed up the attack process and a good starting point. Although the tools analyzed are rather elementary, it’s just a matter of time before more technical criminals improve the way they use AI-powered tools.”

