Feb 09, 2023 12:00:00

Hackers are selling ``a service that creates malware using ChatGPT''

OpenAI's conversational AI '

ChatGPT ' has become a hot topic for its ability to respond to questions and requests with high accuracy, just like a human, and has already been used for 'passing Google's coding job exam ' and ' There have been reports of cases such as ``receiving a passing score on the final exam for a master's degree in business administration (MBA) ''. ChatGPT is equipped with a function to block the generation of illegal content, but researchers at the cybersecurity company Check Point Software have discovered that a service that allows hackers to bypass ChatGPT's restrictions and create malware. '' was reported to be on sale.

Cybercriminals Bypass ChatGPT Restrictions to Generate Malicious Content - Check Point Software
https://blog.checkpoint.com/2023/02/07/cybercriminals-bypass-chatgpt-restrictions-to-generate-malicious-content/

Hackers are selling a service that bypasses ChatGPT restrictions on malware | Ars Technica
https://arstechnica.com/information-technology/2023/02/now-open-fee-based-telegram-service-that-uses-chatgpt-to-generate-malware/

ChatGPT can provide human-like answers to questions and requests, and allows users to generate documentation and programming code. However, ChatGPT, which is available from the web, has restrictions that block the generation of potentially illegal content, such as writing ``code to hack devices and steal data'' and ``the text of phishing emails.'' We will refuse your request and warn you that such content is illegal, unethical, or harmful.

However, in order to circumvent this ChatGPT restriction, hackers have devised a way to use the ``OpenAI API'' provided to developers who build apps. Although the web version of ChatGPT has features that block the generation of illegal content, the API has few anti-abuse measures in place and ChatGPT has features that block the generation of illegal content, such as malicious content such as phishing emails and malware code. It seems that it is possible to generate .

According to researchers at Check Point Software, underground forums sell services that integrate OpenAI's API keys into external applications such as the messaging app Telegram , making it possible to generate malicious content. The image below is a screenshot of a page promoting a Telegram bot that uses OpenAI's API to circumvent regulations.

By using ChatGPT through the Telegram bot, it is possible to generate the text of a phishing email.

It can also generate malware code.

A service being sold on a forum is a combination of an API and the Telegram app, and can be used for free for the first 20 queries, after which a fee of $5.5 (about 720 yen) is required for every 100 queries. It is a system.

Check Point Software researcher Sergey Shykevich said in an email to technology media Ars Technica that malware and phishing emails were relatively less likely to be generated via ChatGPT between December 2022 and January 2023. Although it was simple, ChatGPT's anti-exploitation mechanisms have recently improved significantly, leading cybercriminals to switch to a much less regulated API, he notes. Although Ars Technica contacted OpenAI, there was no response at the time of writing the article.

Ars Technica says, 'Creating malware and phishing emails is just one example of how ChatGPT is opening a Pandora's box of harmful content around the world, as well as other unsafe or unethical uses. Examples include invasion of privacy, generation of misinformation, and generation of school assignments.”