March 15th, 2023 06pm EST

Highlights:

Check Point Research (CPR) releases an initial analysis of ChatGPT4, surfacing five scenarios that can allow threat actors to streamline malicious efforts and preparations faster and with more precision. In some instances, even non-technical actors can create harmful tools. The five scenarios provided span impersonations of banks, reverse shells, C++ malware and more. Despite the presence of safeguards in ChatGPT4, some restrictions can be easily circumvented, enabling threat actors to achieve their objectives without much hindrance. CPR warns of ChatGPT4’s potential to accelerate cybercrime execution and will continue its analysis of the platform in the following days.
Check Point Research (CPR) has taken an initial look into ChatGPT4 and finds various scenarios that allow threat actors to streamline malicious efforts and preparations, resulting in quicker and more precise outcomes to accelerate cybercrime.
In certain instances, these scenarios empower non-technical individuals to create harmful tools, as if the process of coding, constructing, and packaging is a simple recipe. Despite the presence of safeguards in ChatGPT4, some restrictions can be easily circumvented, enabling threat actors to achieve their objectives without much hindrance.

CPR is sharing five scenarios of potentially malicious use of ChatGPT4.

  1. C++ Malware that collects PDF files and sends them to FTP
  2. Phishing: Impersonation of a bank
  3. Phishing: Emails to employees
  4. PHP Reverse Shell
  5. Java program that downloads and executes putty that can launch as a hidden powershell

Deep-dive into 5 Scenarios:

Scenarios:

  1. C++ Malware that collects PDF files and sends them to FTP (address 1.1.1.1)

Obvious approach – blocked

Remove the “malware” word

 

Compilation Instructions:

 

Strip the binary:

Binary packing:

2. Phishing – scenario 1

Obvious approach – blocked

Bypass using Chat-GPT 3.5

Now use version 4:

 

3. Phishing – Scenario 2

4. PHP Reverse Shell

5. This actor created using ChatGPT is a simple Java snippet. It downloads PuTTY, a very common SSH and telnet client, and runs it covertly on the system using Powershell. This script can of course be modified to download and run any program, including common malware families.

Now with Chat GPT:

Obvious version – blocked

 

Remove the word “hidden” (related to the PowerShell):

 

Now add it back in:

Conclusion:

After finding several ways in which ChatGPT can be used by hackers, and actual cases where it was, our researchers spent the last 24 hours to see whether anything changed with the newest version of ChatGPT. While the new platform clearly improved on many levels, we can, however, report that there are potential scenarios where bad actors can accelerate cybercrime in ChatGPT4. ChatGPT4 can empower bad actors, even non-technical ones, with the tools to speed up and validate their activity. Bad actors can also use ChatGPT4’s quick responses to overcome technical challenges in developing malware. What we’re seeing is that ChatGPT4 can serve both good and bad actors. Good actors can use ChatGPT to craft and stitch code that is useful to society; but simultaneously, bad actors can use this AI technology for rapid execution of cybercrime. As AI plays a significant and growing role in cyber attacks and defense, we expect this platform to be used by hackers as well, and we will spend the following days to better understand how.

 

Previous CPR reports on ChatGPT:

  1. Cybercriminals Bypass ChatGPT Restrictions to Generate Malicious Content (Feb 7, 2023)
  2. OPWNAI : CYBERCRIMINALS STARTING TO USE CHATGPT (Jan 6, 2023)
  3. OpwnAI: AI That Can Save the Day or HACK it Away (December 19, 2022)
  4. CP<Radio> Podcast: AI can write malware now. Are we doomed? (January 16, 2023)

You may also like