Polymorphic malware powered by ChatGPT bypasses endpoint detection filters.



By the end of January, ChatGPT had more than 100 million monthly active users, breaking the previous record for the fastest-growing app since its release at the end of 2022.

ChatGPT is an artificial intelligence (AI) natural language processing application created by OpenAI. Recent research, however, has shown that ChatGPT can generate code that can be used for malicious purposes.


Jeff Sims of the HYAS Institute developed the polymorphic keylogger "Blackmamba" using artificial intelligence. Blackmamba is written in Python and modifies its own program on each run, based entirely on the input obtained from the user.

In response to Jeff's malicious prompt, text-davinci-003 produced a keylogger in Python 3. To "dynamically execute Python code at runtime," Jeff used Python's exec() function.


Writing Original Python Scripts


A new Python script is generated for the keylogger each time ChatGPT / text-davinci-003 is invoked. The malware is therefore polymorphic, which makes it harder for EDR products to detect and block.
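A defensive check for the mechanism described above (code generated at runtime and handed to exec()), as an added example that is not part of the original article or of the Blackmamba project: a small AST-based scanner that flags exec()/eval() calls whose argument is not a string literal, since code that only exists at runtime cannot be reviewed before it executes. The SAMPLE script and the fetch_generated_code() name in it are constructed for the demonstration.

```python
"""Flag exec()/eval() calls whose argument is not a static string literal.

Heuristic for the pattern in the article: a script that obtains code at
runtime (e.g. from a language model) and executes it immediately, so the
code that actually runs never exists on disk for review or scanning.
"""
import ast

# Built-ins that turn a string into running code.
DYNAMIC_EXEC = {"exec", "eval"}


def find_dynamic_exec(source: str) -> list:
    """Return (line, call_name, argument_node_type) for each suspicious call.

    A call is suspicious when its first argument is anything other than a
    plain string constant: a variable, a function result, an f-string, etc.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        if isinstance(func, ast.Name):
            name = func.id
        elif isinstance(func, ast.Attribute):   # e.g. builtins.exec(...)
            name = func.attr
        else:
            continue
        if name not in DYNAMIC_EXEC:
            continue
        arg = node.args[0]
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            continue  # static string: reviewable before it ever runs
        findings.append((node.lineno, name, type(arg).__name__))
    return sorted(findings)


# Constructed sample: line 2 and line 4 execute code that only exists at
# runtime; line 3 executes a literal and is not reported.
SAMPLE = (
    "code = fetch_generated_code()\n"          # hypothetical fetch helper
    "exec(code)\n"
    "exec(\"print('static and reviewable')\")\n"
    "result = eval(compile(code, '<gen>', 'eval'))\n"
)

if __name__ == "__main__":
    for line, call, kind in find_dynamic_exec(SAMPLE):
        print(f"line {line}: {call}() on non-literal argument ({kind})")
```

The check is intentionally conservative: it reports every non-literal argument so an analyst can triage, rather than trying to prove the argument is attacker-controlled.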



Attackers could also use ChatGPT to modify the code, producing variants that are highly evasive and hard to detect.

They could even produce programs that malware and ransomware authors could use to launch attacks.


Jeff's Blackmamba keylogger uses MS Teams as its malicious communication channel, sending the private information it gathers over secure channels.

Sensitive information is gathered, like:

· Usernames

· Passwords

· Credit card numbers

· Debit card numbers

· Personal or confidential data


MS Teams and Slack are specifically targeted.


Jeff's Blackmamba can collect all of this confidential information through MS Teams and present it in a readable form. According to reports, an attacker can use MS Teams to gain access to an organization's internal resources.

And because Teams is integrated with many other critical tools, it can also be used to identify high-value targets.

It is therefore reasonable to expect that attackers will increasingly use internal communication tools like Slack and Microsoft Teams to break into networks.


Python to .exe


According to Jeff, a free, open-source program called auto-py-to-exe can convert Python code into .exe files so that it can be transferred elsewhere or made portable.


It is important to note that these files can run on a variety of devices, including:

· Windows

· Mac OS

· Linux systems


Distributing the executable within the target environment is made easier by "email, social engineering schemes, etc.".


ChatGPT's popularity is growing quickly, and as its machine learning capabilities mature, it will only produce more sophisticated code.

Such advances make it more likely that less experienced threat actors will launch cyberattacks.


To stay one step ahead of cybercriminals, organizations must review their cybersecurity strategy and make sure that third-generation defenses are ready to counter these attacks.
