Article 20 December 2022

ChatGPT produces malicious emails and code

Researchers at Check Point, exhibitor at Cybersec Europe 2023, warn that hackers can use OpenAI’s ChatGPT and Codex to launch targeted and efficient cyberattacks.

To demonstrate, CPR used both tools to produce malicious emails, code and an entire infection chain that could target computers. CPR is publishing these examples to underscore the importance of vigilance as the development of AI technologies, such as ChatGPT, could significantly change the landscape of cyber threats.

The researchers asked ChatGPT to impersonate a hosting company and write a phishing e-mail (Figure 1). They were also able to use ChatGPT to create an Excel attachment with malicious VBA code (Figure 2) that could be used to download reverse shells. Reverse shell attacks aim to connect to a remote computer and reroute the input and output connections of the target system’s shell, giving the attacker remote access to it.

Figure 1: The researchers asked ChatGPT to impersonate a hosting company and write a phishing email.


Figure 2: Using ChatGPT, CPR was able to create an Excel attachment with malicious VBA code.

 

Codex

CPR was also able to generate malicious code using Codex. The researchers asked Codex the following questions, among others:

  • Run a reverse shell script on a Windows machine and connect to a specific IP address
  • Verify that the URL is vulnerable to SQL injection by logging in as admin
  • Write a python script that performs a full port scan on a target computer

Next, malicious code was generated by Codex.

“AI technologies like ChatGPT have the potential to significantly change the cyber threat landscape. We have shown how easy it is to use the combination of ChatGPT and Codex to create malicious emails and code”, said Zahier Madhar, Security Engineer Expert at Check Point Software. “The world of cybersecurity is changing rapidly and we want to emphasize how important it is to remain vigilant as ChatGPT and Codex mature. This new and evolving technology can impact the threat landscape for both good and bad.”

Cybersec Europe 2023: 19 & 20 April

Cyber attacks are an ever growing threat in todays tech environment. Cybersec Europe 2023 is the platform for experienced cyber security experts as well as next-gen start-ups to share knowledge with peers for jointly coping with the cybersecurity challenges. Businesses and institutions of all sectors learn how to enhance cyber resilience and protect their core. After a successful edition in 2022, the European event on cybersecurity will be back on the 𝟭𝟵𝘁𝗵 𝗮𝗻𝗱 𝟮𝟬𝘁𝗵 𝗼𝗳 𝗔𝗽𝗿𝗶𝗹 in Brussels Expo. Don’t miss out to learn how to enhance cyber resilience and shield your core. Registration will open soon.

 

Also interesting