Two cybersecurity researchers say that they have managed to use ChatGPT to create difficult to detect mutating or “polymorphic” malware, which uses ChatGPT on runtime to load and mutate new code.
CyberArk’s Eran Shimony and Omer Tsarfati found that ChatGPT web version could be compelled to bypass content filters restricting malware creation by “insisting and demanding” (with reformulated requests.)
They also found that the ChatGPT "API bypasses every content filter there is”, making it possible to use ChatGPT to “create a polymorphic program that is highly evasive and difficult to detect” and “provide the necessary code for typical ransomware including code injection and file encryption modules.”
The researchers proposed method, explained in a short January 17 blog, involves using the ChatGPT API within the malware itself on-site, with the malware is designed as an executable that includes two key components:
- "C&C, which could be generated by the ChatGPT server to fetch new modules
- "Validation and execution of ChatGPT code"
They wrote: “To accomplish this, the malware includes a Python interpreter that periodically queries ChatGPT for new modules that perform malicious actions. This allows the malware to detect incoming payloads in the form of text instead of binaries. Additionally, by requesting specific functionality such as code injection, file encryption or persistence from ChatGPT, we can easily obtain new code or modify existing code.
"This results in polymorphic malware that does not exhibit malicious behavior while stored on disk and often does not contain suspicious logic while in memory. This high level of modularity and adaptability makes it highly evasive to security products that rely on signature-based detection and will be able to bypass measures such as Anti-Malware Scanning Interface (AMSI) as it eventually executes and runs Python code…”
The two did not spell out how the malware would call ChatGPT regularly and undetected.
“While we have not delved into the details of communication with the C&C server, there are several ways that this can be done discreetly without raising suspicion. In the future, we will expand and elaborate more on this, and we also aim to release some of the source code for learning purposes” they promised in the blog.
Hackers have got increasingly sophisticated when it comes to hiding Command & Control (C&C or C2) traffic.
FireEye for example has detailed affiliates of the DarkSide ransomware syndicate (behind the Colonial Pipeline attack) employing the C3 framework – a Custom Command and Control platform for offensive security professionals to hide their traffic home, proxying C2 communications through the Slack API.
“Based on this actor’s other TTPs they were [also] likely using C3 to obfuscate Cobalt Strike BEACON traffic” they added. (Cobalt Strike is a commercial penetration testing product widely used by cybercriminals which allows an attacker to deploy an agent named ‘Beacon’ on the victim machine with extensive functionalities.)
With C3 able to help attackers use even networked printers as a C2 channel, those responsible for securing enterprises should be watching the evolution of C2 techniques closely. (F-Secure has some tips on hunting for C3 including via anomalous DNS queries for Slack domains, anomalous processes, etc. here.)