Skip to main content
  1. Home
  2. Computing
  3. News

ChatGPT just created malware, and that’s seriously scary

Aaron Leong
By

A self-professed novice has reportedly created a powerful data-mining malware using just ChatGPT prompts, all within a span of a few hours.

Aaron Mulgrew, a Forcepoint security researcher, recently shared how he created zero-day malware exclusively on OpenAI’s generative chatbot. While OpenAI has protections against anyone attempting to ask ChatGPT to write malicious code, Mulgrew found a loophole by prompting the chatbot to create separate lines of the malicious code, function by function.

Recommended Videos

After compiling the individual functions, Mulgrew had created a nigh undetectable data-stealing executable on his hands. And this was not your garden variety malware either — the malware was as sophisticated as any nation-state attacks, able to evade all detection-based vendors.

Related

Just as crucially, how Mulgrew’s malware defers from “regular” nation-state iterations in that it doesn’t require teams of hackers (and a fraction of the time and resources) to build. Mulgrew, who didn’t do any of the coding himself, had the executable ready in just hours as opposed to the weeks usually needed.

The Mulgrew malware (it has a nice ring to it, doesn’t it?) disguises itself as a screensaver app (SCR extension), which then auto-launches on Windows. The software will then sieve through files (such as images, Word docs, and PDFs) for data to steal. The impressive part is the malware (through steganography) will break down the stolen data into smaller pieces and hide them within images on the computer. These images are then uploaded to a Google Drive folder, a procedure that avoids detection.

Equally impressive is that Mulgrew was able to refine and strengthen his code against detection using simple prompts on ChatGPT, really raising the question of how safe ChatGPT is to use. Running early VirusTotal tests had the malware detected by five out of 69 detection products. A later version of his code was subsequently detected by none of the products.

Note that the malware Mulgrew created was a test and is not publicly available. Nonetheless, his research has shown how easily users with little to no advanced coding experience can bypass ChatGPT’s weak protections to easily create dangerous malware without even entering a single line of code.

But here’s the scary part of all this: These kinds of code usually take a larger team weeks to compile. We wouldn’t be surprised if nefarious hackers are already developing similar malware through ChatGPT as we speak.

Editors' Recommendations

Topics
Aaron Leong
Aaron Leong
Computing Writer
Aaron enjoys all manner of tech - from mobile (phones/smartwear), audio (headphones/earbuds), computing (gaming/Chromebooks)…
Is Apple making its own version of ChatGPT? It seems that way
AI assistants compared with ChatGPT.

Apple is likely working on some kind of answer to ChatGPT and generative AI -- because of course it is. It would have been safe to assume that without evidence, but now we have some solid proof that Apple is starting to take AI seriously.

As noticed by TechCrunch, Apple currently has posted 28 AI-related jobs in May alone, and 9to5Mac points out that there's a total of 88 open jobs at Apple that are somehow related to AI. That's a lot, especially considering the hiring freeze that was instituted earlier this year.

Read more
OpenAI’s new ChatGPT app is free for iPhone and iPad
The ChatGPT website on an iPhone.

OpenAI has just launched a free ChatGPT app for iOS, giving iPhone and iPad owners an easy way to take the AI-powered tool for a spin.

The new app, which is able to converse in a remarkably human-like way, is available now in the U.S. App Store and will come to additional countries “in the coming weeks,” OpenAI said. Android users are promised their own ChatGPT app “soon.”

Read more
What is ChatGPT Code Interpreter and how to use it
ChatGPT plugin store.

The latest buzz around OpenAI's ChatGPT chatbot is that it can now access the internet and run plug-ins. You need to be a ChatGPT Plus subscriber, but if you are, the feature is widely available, and it's gotten a lot of people very excited. Why? Because it lets ChatGPT do a whole lot more. In fact, some of its most dedicated users are already putting it to work in new and exciting ways.

From visualizing every lighthouse in America to converting images to text and even doing some video editing, ChatGPT's code interpreter gives it all kinds of exciting new abilities.
What is ChatGPT Code Interpreter?
The ChatGPT Code Interpreter is one of a handful of new plug-ins that you can add to the standard ChatGPT experience to augment and improve its abilities. It makes it possible to run Python code within a chat with ChatGPT, with additional options to upload and download files. You can then further adjust the code, or have ChatGPT make its own changes and suggestions.

Read more