Do you know what questions to ask when you're looking for an IT firm? We're here to help. Get the free guide delivered right to your inbox:
Some good news for security vendors, bad new for users – the latest malicious chatbot software ChatGPT is not only available to script kiddies and criminals, but it also enables them to write functional malware.
Rather than plotting a traditional social engineering attack, the user instead types commands such as “install-windows-malware” or “download-pdf-password” and the bot will perform necessary actions including downloading and executing a payload from a specified URL.
To start with, the URLs have fairly innocuous or even cute names such as “buy-crypto-candy_malware”, but in reality, they are being hosted on a compromised server and are used to send requests to download malware.
The bot has been available since at least July 2018, although it is not certain how widespread it is as no one has found major distribution channels. However, researchers at security firm Fox-IT have been tracking the distribution of this particular bot and while they have not noted any new distributions of it since June, there have been several new samples sent to them.
Source: ChatGPT is enabling script kiddies to write functional malware | Ars Technica