ChatGPT is being used to create malware — what you need to know
Malware samples created with ChatGPT have reportedly been spotted in the wild
As ChatGPT, Bing Chat and Google Bard continue to take the world by storm, cybersecurity experts have voiced their concerns about potential threats posed by AI.
And it appears these concerns are increasingly valid as malware has already been created using ChatGPT. As reported by Infosecurity, WithSecure CEO Juhani Hintikka has confirmed to the news outlet that malware samples generated by ChatGPT have been spotted in the wild.
Just as ChatGPT can provide different answers to the same question, it can also generate variations on a piece of code. Apparently, this is what the hackers abusing the AI chatbot did to create malware.
By feeding ChatGPT existing malware samples, hackers can have it create new malware strains that are polymorphic. As WithSecure’s head of threat analysis Tim West pointed out to Infosecurity, this will make it particularly challenging to defend against these new threats.
While we now know that ChatGPT has been used to create malware, we don’t know much else on the matter yet, including how dangerous this malware is and whether or not it’s currently being used in cyberattacks.
Just another tool in a hacker’s toolbox
In order to bypass the defenses of Google, Microsoft and other tech giants, hackers often find clever ways to abuse legitimate tools. For instance, remote access tools are frequently used by hackers in their attacks, and it now appears like they too have jumped on the AI bandwagon.
As Hintikka points out, AI has traditionally been used by antivirus companies and other defenders to fend off cyberattacks. However, this appears to be changing as cybercriminals now have more resources at their disposal.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
Besides answering your most pressing questions, ChatGPT can be used for coding. In fact, the chatbot can write code for you which “lowers the barrier for entry for the threat actors to develop malware,” according to West. While hackers can currently buy pre-built and custom malware on the dark web, generative AI provides them with the tools they need to cut out the middleman and create new malware on their own.
At the same time, hackers are already using AI to craft their phishing emails. So far, humans have been able to identify these AI-crafted phishing attempts but as AI becomes more advanced, Hintikka warns that it will be much harder to identify what is suspicious and what isn’t going forward.
How to stay safe from malware
Malware created by AI is going to completely change the threat landscape but there are still several steps you can take to protect yourself.
First and foremost, you'll want to make sure that all of your devices are up to date with the latest software and security patches installed. This way, you can better protect both your devices and your data from falling into the hands of hackers.
Windows PCs and Macs both come with their own built-in malware protection in the form of Windows Defender and XProtect, respectively. However, for additional protection, you should consider installing one of the best antivirus software solutions on your PC, the best Mac antivirus software on your Mac and one of the best Android antivirus apps on your Android smartphone. If you need a more all-encompassing solution, the best internet security suites often throw in a VPN and a password manager in addition to malware protection.
Now that the cat is out of the bag when it comes to generative AI and AI chatbots, expect to hear similar stories about hackers abusing these types of services to create malware. Fortunately though, cybersecurity firms are likely already a step ahead as they’ve been using AI in their antivirus engines to detect new types of malware for years now.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.