ChatGPT is helping hackers write malware codes

The new AI-based chatbot tool developed by OpenAI can be leveraged to write code and malware that help cyber threat actors

Updated - January 07, 2023 05:00 pm IST

Published - January 07, 2023 04:22 pm IST

File photo of a person typing

File photo of a person typing | Photo Credit: AP

ChatGPT, the new AI sensation, is helping even less skilled cyber threat actors write codes and launch cyberattacks effortlessly, researchers at security firm Check Point Research said in a blog post on Friday.

(For insights on emerging themes at the intersection of technology, business, and policy, subscribe to our tech newsletter Today’s Cache.)

Since OpenAI released ChatGPT in November last year, it has created a flurry of interest in AI and its possible uses.

While it is too early to predict if ChatGPT will become the new favourite tool for participants in the Dark Web, the cybercriminal community has already shown significant interest and is jumping onto this latest trend to generate malicious code, researchers said.

The firm’s analysis of several major underground hacking communities revealed that cyber attackers with little or no coding experience were using ChatGPT to write codes that could be used for spying, ransomware, and other malicious tasks.

Last month, a thread named “ChatGPT – Benefits of Malware” appeared on a popular underground hacking forum. The publisher of the thread revealed that he was testing ChatGPT to recreate techniques described in research publications about common malware. He shared the code of a Python-based stealer that searches for common file types, copies them to a random folder inside the Temp folder, ZIPs them, and uploads them to an FTP server.

He also created a simple Java snippet using Chat GPT that can be modified to run any program, including common malware families, Check Point Research said.

In the same month, a threat actor dubbed USDoD posted a Python script, which he said was the first script he ever created using Open AI. This script can encrypt someone’s machine completely without any user interaction.

Although UsDoD is not a developer and has limited technical skills, he is a very active member of the underground community. He is involved in a variety of illegal activities like selling access to compromised companies and stolen databases.

Another notable instance of the use of ChatGPT that was carried out on New Year’s Eve of 2022 was the creation of Dark Web Marketplaces scripts. The marketplace’s main role is to provide a platform for the automated trade of illegal goods like stolen accounts or payment cards, malware, or even drugs and ammunition, with all payments in cryptocurrencies, Check Point Research highlighted.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.