Hackers are using ChatGPT to write malware

(Image credit: Pixabay)

ChatGPT continues filling the headlines - but this time for all the wrong reasons, experts have warned.

Cybersecurity researchers from Check Point Research (CPR) have observed the tool being used by cybercriminals to improve - and sometimes build from scratch - dangerous malware and ransomware.

The team released the results of their research, saying they’ve spotted numerous posts on underground hacking forums in which cybercriminals discuss creating infostealers, encryption tools, and other malware - with the help of ChatGPT. To make matters even worse, some of the authors seem to be complete newbies to the world of programming, signaling that the tool might be used to dramatically lower the barrier to entry into cybercrime.

Attractive new tool

Besides building malware and ransomware, cybercrooks are also using the AI-powered chatbot to build supporting software. One hacker described using the tool to create a marketplace, where other hackers can trade illegal and stolen goods, such as payment data, malicious software, but also drugs and firearms. All of the payments made on the platform would be done in cryptocurrencies.

“Cybercriminals are finding ChatGPT attractive. In recent weeks, we’re seeing evidence of hackers starting to use it writing malicious code,” commented Sergey Shykevich, Threat Intelligence Group Manager at Check Point. 

“ChatGPT has the potential to speed up the process for hackers by giving them a good starting point. Just as ChatGPT can be used for good to assist developers in writing code, it can also be used for malicious purposes. Although the tools that we analyze in this report are pretty basic, it’s only a matter of time until more sophisticated threat actors enhance the way they use AI-based tools. CPR will continue to investigate ChatGPT-related cybercrime in the weeks ahead.” 

ChatGPT is an AI-powered chatbot recently published by OpenAI. Since going public, the tool’s quality garnered a lot of attention, but also generated some fear. The media have gone as far as to discuss if tools such as ChatGPT could spell the end of Google and other mainstream tech giants, or if it could leave the majority of software developers out of work. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.