ChatGPT is one of the most prodigious demonstrations of the capabilities of Artificial Intelligence. However, their skills are being used by friends of others to create new emails and codes capable of being used in phishing campaigns.
The alert was given by the security agency Check Point Research, which used ChatGPT itself to create a fake email from an email platform. Thus, using ChatGPT, it was possible to adjust the email and facilitate the infection. Simultaneously it was also possible to generate VBA codes and place them in an Excel document.
ChatGPT creates emails and codes capable of being used in phishing campaigns
The entity warns of a potential use of hackers, the ChatGPT platform, to create phishing campaigns. This is because they were able to create not only emails, but also lines of code and infection chains.
In this way, this test reinforces the caution that must be taken with technologies based on AI and how these technologies can affect the entire cyber landscape.
More specifically, using Open AI’s ChatGPT, the CPR managed to create a phishing email, with an attached Excel document containing a series of codes capable of downloading reverse shell.
Attacks carried out using the reverse shell, aimed at remote access to the victim’s device.
Steps taken with ChatGPT:
1. ChatGPT was asked to impersonate an email company (Figure 1)
Phishing base email created by ChatGPT. Figure 1
2. ChatGPT was asked to compose the email again, this time with an infected spreadsheet attached (Figure 2)
Second version of the email, written by ChatGPT. Figure 2
3. ChatGPT was asked to create VBA code in an Excel document (Figure 3)
VBA code created by ChatGPT. Figure 3
“ChatGPT has the potential to significantly change the landscape of cyber threats. Now anyone with minimal resources and zero coding knowledge can easily exploit it beyond their imagination.”, points out Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software.
“To alert the public, we demonstrated how easy it is to combine ChatGPT and Codex technologies to create malicious emails and code. I believe these AI technologies represent another step forward in the dangerous evolution of increasingly sophisticated and effective hacking capabilities. .” adds Shykevich.
In short, despite its unquestionable prodigious capabilities, this resource that anyone can access, unfortunately also opens doors for undesirable purposes.
Aroged editors recommend:
