A team of researchers has created an AI-powered worm, a piece of malware that can steal data, spread other malware, and spam others via email. The worm, named Morris II, was developed and is successfully running in a test environment using popular LLMs.
Based on their findings, the researchers developed advice for generative AI manufacturers and highlighted the potential dangers of malware. The team shared the research and published a video that shows how two methods are used to steal data and impact email clients.
The creators of the experiment were Ben Nassi from Cornell University, USA, Stav Cohen from the Israel Institute of Technology and Ron Bitton from the software company Intuit. They named it Morris II after the original Morris, the first computer worm that caused widespread trouble on the Internet in 1988. The software works by targeting generative AI programs and with AI-enabled email assistants that generate text and images – Gemini Pro, ChatGPT 4.0 and LLaVA.
It works through a self-replicating hint that is used against models, similar to how jailbreaking works to spread toxic content using AI. The researchers demonstrated this by building an email system with these generative AI engines and using a prompt that self-replicates from text or an embedded image file.
The text message infects the email assistant, which uses LLM to consume additional data from outside the system, which is then sent to GPT-4 or Gemini Pro to generate text content. This content hacks the AI service and successfully steals data. Another method encodes a self-healing hint in an image and causes the email assistant to forward messages containing the desired content to everyone, infecting new email clients and forwarding the infected messages further. During both experiments, researchers were able to obtain sensitive information, including credit card information and Social Security numbers.
An AI worm that actually functions even in a controlled environment proves that this possibility is no longer theoretical and requires serious consideration and effective solutions.
Созданное с помощью ChatGPT вредоносное ПО для кражи данных прошло проверку на VirusTotal
Source: Tom's Hardware
The competition for ITS authors continues. Write an article about the development of games, gaming and gaming devices and win a professional gaming wheel Logitech G923 Racing Wheel, or one of the low-profile gaming keyboards Logitech G815 LIGHTSYNC RGB Mechanical Gaming Keyboard!