ChatGPT Powered Polymorphic Malware Bypasses Endpoint Detection Filters


ChatGPT passed 100 million monthly users at the end of January, setting a new record for the fastest-growing app since its launch at the end of 2022.

ChatGPT is a natural language processing tool developed by OpenAI that uses AI to process text. However, recent research revealed that ChatGPT could build code that can be used maliciously.

Jeff Sims of the HYAS Institute has created an AI-powered polymorphic keylogger called “BlackMamba,” which uses Python to tweak its program randomly based entirely on the input taken from the user.

As a result of Jeff’s malicious prompt, text-davinci-003 created a keylogger in Python 3. To accomplish this, Jeff had to use the Python exec() function to “dynamically execute Python code at runtime.”

Writing Unique Python Scripts

Whenever ChatGPT / text-davinci-003 is called, a unique Python script is written for the keylogger. As a result, the keylogger becomes polymorphic, making it harder for EDRs to block.

In addition, the hackers could use ChatGPT to modify the code, resulting in highly evasive code that was difficult to detect.

They were even able to generate programs that ransomware and malware developers could use to launch attacks.
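The generated keylogger body differs on every call, but the loader stays the same: it has to hand text obtained at runtime to exec(). The following Python check is an added example, not code from the article or from HYAS; it flags exec()/eval() calls whose argument is not a string literal, and the network-module list and both sample sources are assumptions constructed for illustration.

```python
import ast

SINKS = {"exec", "eval"}
# Modules that can fetch text over the network (assumed list, extend as needed).
NET_MODULES = {"requests", "urllib", "http", "socket", "httpx", "openai"}

def _sink_name(func):
    """Name of the builtin being called, for exec(...) or builtins.exec(...)."""
    if isinstance(func, ast.Name):
        return func.id
    if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
            and func.value.id == "builtins"):
        return func.attr
    return None

def audit_source(source, filename="<sample>"):
    """Flag exec/eval calls whose code argument is only known at runtime."""
    tree = ast.parse(source, filename=filename)  # parses only, never executes
    imports, findings = set(), []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            imports.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imports.add(node.module.split(".")[0])
        elif isinstance(node, ast.Call) and node.args:
            name = _sink_name(node.func)
            arg = node.args[0]
            literal = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
            if name in SINKS and not literal:
                findings.append((node.lineno, name, type(arg).__name__))
    network = sorted(imports & NET_MODULES)
    severity = "none"
    if findings:
        # Runtime-built code plus a network client is the higher-risk pairing.
        severity = "high" if network else "medium"
    return {"severity": severity, "network_imports": network,
            "calls": sorted(findings)}

# Constructed samples (parsed only): fetch-then-exec shape vs. fixed-string exec.
SAMPLE_DYNAMIC = '''import requests
def run(url):
    body = requests.get(url, timeout=5).text
    exec(body)
'''
SAMPLE_STATIC = 'exec("x = 1")\n'

if __name__ == "__main__":
    print(audit_source(SAMPLE_DYNAMIC))
    print(audit_source(SAMPLE_STATIC))
```

A check like this only applies where the Python source is available, for example in code review or repository scanning.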

Jeff’s BlackMamba keylogger is being used to collect sensitive information over trusted channels, using MS Teams as a malicious communication platform.

It collects sensitive data such as:

  • Usernames
  • Passwords
  • Credit card numbers
  • Debit card numbers
  • Personal or confidential data

They Are Actively Targeting MS Teams & Slack

Using MS Teams, Jeff’s BlackMamba can collect all the sensitive data and present it in an obvious manner. It is said that the perpetrator uses MS Teams because it assists him in gaining access to an organization’s internal resources.

Also, since it is interconnected with many other essential tools, it can be used to identify and pinpoint valuable targets.

So, we can expect internal communication tools such as Slack and MS Teams to be increasingly exploited by hackers to enter the network maliciously.

Python to .exe

Jeff explains that a free, open-source utility called auto-py-to-exe can convert Python code into .exe files to make it portable or pass it to other targets.

It’s important to note that all these files can run on different devices, such as:

  • Windows
  • Mac OS
  • Linux systems

The information can be shared more easily within the target environment using “email, social engineering schemes, etc.”

ChatGPT is rapidly becoming more popular, and its machine-learning capability is only going to produce code that is even more sophisticated as time goes by.

Due to technological advancements like this, cyberattacks are likely to be launched by less skilled threat actors.

That’s why organizations must review their cybersecurity strategy and ensure third-generation defenses are in place to take on these cyberattacks to stay ahead of cybercriminals.
