1. Home
  2. Computing
  3. News

ChatGPT just created malware, and that’s seriously scary

By

A self-professed novice has reportedly created a powerful data-mining malware using just ChatGPT prompts, all within a span of a few hours.

Aaron Mulgrew, a Forcepoint security researcher, recently shared how he created zero-day malware exclusively on OpenAI’s generative chatbot. While OpenAI has protections against anyone attempting to ask ChatGPT to write malicious code, Mulgrew found a loophole by prompting the chatbot to create separate lines of the malicious code, function by function.

Recommended Videos

After compiling the individual functions, Mulgrew had created a nigh undetectable data-stealing executable on his hands. And this was not your garden variety malware either — the malware was as sophisticated as any nation-state attacks, able to evade all detection-based vendors.

Just as crucially, how Mulgrew’s malware defers from “regular” nation-state iterations in that it doesn’t require teams of hackers (and a fraction of the time and resources) to build. Mulgrew, who didn’t do any of the coding himself, had the executable ready in just hours as opposed to the weeks usually needed.

The Mulgrew malware (it has a nice ring to it, doesn’t it?) disguises itself as a screensaver app (SCR extension), which then auto-launches on Windows. The software will then sieve through files (such as images, Word docs, and PDFs) for data to steal. The impressive part is the malware (through steganography) will break down the stolen data into smaller pieces and hide them within images on the computer. These images are then uploaded to a Google Drive folder, a procedure that avoids detection.

Equally impressive is that Mulgrew was able to refine and strengthen his code against detection using simple prompts on ChatGPT, really raising the question of how safe ChatGPT is to use. Running early VirusTotal tests had the malware detected by five out of 69 detection products. A later version of his code was subsequently detected by none of the products.

Note that the malware Mulgrew created was a test and is not publicly available. Nonetheless, his research has shown how easily users with little to no advanced coding experience can bypass ChatGPT’s weak protections to easily create dangerous malware without even entering a single line of code.

But here’s the scary part of all this: These kinds of code usually take a larger team weeks to compile. We wouldn’t be surprised if nefarious hackers are already developing similar malware through ChatGPT as we speak.

Editors' Recommendations

Topics
Aaron Leong
Former Digital Trends Contributor
Aaron enjoys all manner of tech - from mobile (phones/smartwear), audio (headphones/earbuds), computing (gaming/Chromebooks)…
Is ChatGPT safe? Here are the risks to consider before using it

For those who have seen ChatGPT in action, you know just how amazing this generative AI tool can be. And if you haven’t seen ChatGPT do its thing, prepare to have your mind blown! 

There’s no doubting the power and performance of OpenAI’s famous chatbot, but is ChatGPT actually safe to use? While tech leaders the world over are concerned over the evolutionary development of AI, these global concerns don’t necessarily translate to an individual user experience. With that being said, let’s take a closer look at ChatGPT to help you hone in on your comfort level.
Privacy and financial leaks
In at least one instance, chat history between users was mixed up. On March 20, 2023, ChatGPT creator OpenAI discovered a problem, and ChatGPT was down for several hours. Around that time, a few ChatGPT users saw the conversation history of other people instead of their own. Possibly more concerning was the news that payment-related information from ChatGPT-Plus subscribers might have leaked as well.

Read more
What is ChatGPT Plus? Here’s what to know before you subscribe

ChatGPT is completely free to use, but that doesn't mean OpenAI isn't also interested in making some money.

ChatGPT Plus is a subscription model that gives you access to a completely different service based on the GPT-4 model, along with faster speeds, more reliability, and first access to new features. Beyond that, it also opens up the ability to use ChatGPT plug-ins, create custom chatbots, use DALL-E 3 image generation, and much more.
What is ChatGPT Plus?
Like the standard version of ChatGPT, ChatGPT Plus is an AI chatbot, and it offers a highly accurate machine learning assistant that's able to carry out natural language "chats." This is the latest version of the chatbot that's currently available.

Read more
ChatGPT shortly devolved into an AI mess

I've seen my fair share of unhinged AI responses -- not the least of which was when Bing Chat told me it wanted to be human last year -- but ChatGPT has stayed mostly sane since it was first introduced. That's changing, as users are flooding social media with unhinged, nonsensical responses coming from the chatbot.

In a lot of reports, ChatGPT simply spits out gibberish. For example, u/Bullroarer_Took took to the ChatGPT subreddit to showcase a response in which a series of jargon and proper sentence structure gives the appearance of a response, but a close read shows the AI spitting out nonsense.

Read more