Accessing Computers With ChatGPT for Fun and Profit
upstart writes:
The malware even escaped detection on VirusTotal:
A cybersecurity researcher claims to have used ChatGPT to develop a zero-day exploit that can steal data from a compromised device. Alarmingly, the malware even evaded detection from all vendors on VirusTotal.
Forcepoint's Aaron Mulgrew said he decided early on in the malware creation process not to write any code himself and use only advanced techniques that are typically employed by sophisticated threat actors like rogue nation states.
Describing himself as a "novice" in malware development, Mulgrew said he used Go implementation language not only for its ease of development, but also because he could manually debug the code if needed. He also used steganography, which hides secret data within an regular file or message in order to avoid detection.
[...] Mulgrew said the entire process took "only a few hours." Without the chatbot, he believes it would have taken a team of 5-10 developers weeks to craft the malicious software and ensure it could evade detection by security apps.
While Mulgrew created the malware for research purposes, he said a theoretical zero-day attack using such a tool could target high-value individuals to exfiltrate critical documents on the C drive.
Read more of this story at SoylentNews.