ChatGPT has caused a lot of buzz in the tech world these last few months, and not all the buzz has been great. Now, someone has claimed to have made powerful data-mining malware by using ChatGPT-based prompts in just a few hours. Here’s what we know.
Who is responsible for this malware?
Forcepoint security researcher Aaron Mulgrew shared how he was able to create this malware by using OpenAI’s generative chatbot. Even though ChatGPT has some protections that prevent people from asking it to create malware codes, Aaron was able to find a loophole.
He prompted ChatGPT to create the code function by function with separate lines. Once all the individual functions were compiled, he realized that he had an undetectable data-stealing executable on his hands that was as sophisticated as any nation-state malware.
Forcepoint security researcher Aaron Mulgrew revealed he could create malware by using OpenAI’s generative chatbot. (Aaron Mulgrew)
This is incredibly alarming because Mulgrew was able to create this very dangerous malware without the need for a team of hackers, and he didn’t even have to create the code himself.
What does the malware do?
The malware starts by disguising itself as a screensaver app that then auto-launches itself onto Windows devices. Once it’s on a device, it will scrub through all kinds of files including Word docs, images and PDFs, and look for any data it can find to steal from the device.
The malware could search through computer files for any data to swipe. (Aaron Mulgrew)
Once the malware gets hold of the data, it can break the data down into smaller pieces and hide those pieces within other images on the device. The images then avoid detection by being uploaded to a Google Drive folder. The code was made to be super strong because Mulgrew was able to refine and strengthen his code against detection using simple prompts on ChatGPT.
What does this mean for ChatGPT?
Although this was all done in a private test by Mulgrew and the malware is not attacking anyone in the public, it’s truly alarming to know the dangerous acts that can be committed using ChatGPT. Mulgrew claimed to not have any advanced coding experience, and yet the ChatGPT protections were still not strong enough to block his test. Hopefully, the protections are strengthened before a real hacker gets the chance to do something as Mulgrew did.
Always stay protected
This story is yet another reminder to always have good antivirus software running on your devices as it will protect you from malware infecting your devices. See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by visiting CyberGuy.com/LockUpYourTech .
Head to CyberGuy.com for tips on staying secure. (Kurt Knutsson)
How do you feel about ChatGPT’s protections? We want to know your thoughts.
For more of my tips, subscribe to my free CyberGuy Report Newsletter by clicking the “Free newsletter” link at the top of my website.
Copyright 2023 CyberGuy.com. All rights reserved.