An AI Chatbot May Have Helped Create This Malware Attack


A hacking group has been spotted possibly using an AI program such as ChatGPT, Google’s Gemini, or Microsoft Copilot to help refine a malware attack. 

Security firm Proofpoint today published a report about the group, dubbed “TA547,” sending phishing emails to businesses in Germany. The emails are designed to deliver Rhadamanthys, a Windows-based information stealer that has been around for several years. But perhaps the most interesting part of the attack is that it uses a PowerShell script that contains signs it was written with an AI-based large language model (LLM).

Hackers often abuse PowerShell, the scripting and automation shell built into Windows, because it is already present on every machine and can download, decode and run code without dropping a conventional executable. In this case, the phishing email carries a password-protected ZIP file containing a shortcut (LNK) file; opening the shortcut launches PowerShell, which fetches and runs the attacker’s script. That script decodes a Base64-encoded copy of Rhadamanthys stored inside it and loads the result directly into memory on the victim’s computer rather than writing it to disk.
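The chain described above ends with a script that decodes an embedded payload and runs it without writing a file. Below is a triage check for that pattern, added here as an example; it is not Proofpoint’s analysis or TA547’s code. It assumes the payload sits in the script as a Base64 string literal and is loaded through .NET reflection (FromBase64String followed by Assembly::Load), and the sample script and its “payload” (a bare MZ header with padding, not a real executable) are constructed for the demonstration.

```python
import base64
import re

# Constructed sample, not the real TA547 script: a PowerShell loader of the
# shape the article describes. The "payload" is a fake PE stub (an MZ header
# plus padding), so the script is harmless and the check runs offline.
FAKE_PE = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode." + b"\x00" * 16
SAMPLE_SCRIPT = f"""
$blob = "{base64.b64encode(FAKE_PE).decode()}"
$bytes = [System.Convert]::FromBase64String($blob)
$asm = [System.Reflection.Assembly]::Load($bytes)
$asm.EntryPoint.Invoke($null, $null)
"""

# Base64 string literals long enough to hold an executable rather than a short setting.
B64_LITERAL = re.compile(r'"([A-Za-z0-9+/]{64,}={0,2})"')

# API names whose presence next to a decoded blob indicates in-memory (fileless) loading.
# These are assumed markers for the demonstration, not a complete list.
LOADER_MARKERS = (
    "FromBase64String",
    "[System.Reflection.Assembly]::Load",
    "[Reflection.Assembly]::Load",
    ".EntryPoint.Invoke",
)


def find_embedded_executables(script: str) -> list:
    """Return offset and decoded size of every Base64 literal that decodes to a PE (MZ) image."""
    hits = []
    for m in B64_LITERAL.finditer(script):
        try:
            data = base64.b64decode(m.group(1), validate=True)
        except ValueError:
            continue  # not valid Base64, so not a candidate payload
        if data[:2] == b"MZ":
            hits.append({"offset": m.start(1), "size": len(data)})
    return hits


def loader_markers_present(script: str) -> list:
    """List the in-memory loading API names that appear in the script."""
    return [marker for marker in LOADER_MARKERS if marker in script]


def triage(script: str) -> dict:
    """Combine both signals: an embedded PE plus a reflective load path is the strongest verdict."""
    pes = find_embedded_executables(script)
    markers = loader_markers_present(script)
    if pes and markers:
        verdict = "fileless-loader"
    elif pes or markers:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"embedded_pe": pes, "markers": markers, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_SCRIPT))
```

The check is deliberately content-based: it does not care whether the script carries tidy comments, only whether it embeds something that decodes to an executable and reaches for the APIs that run it from memory. An attacker who splits the blob across several variables or re-encodes it would evade this exact regex, so in practice the decoded-MZ test should be paired with runtime telemetry (PowerShell script block logging, AMSI) rather than relied on alone.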

While investigating the attacks, Proofpoint researchers examined the PowerShell script and found “interesting characteristics not commonly observed in code used” by human hackers, the company wrote in a blog post.  

What stood out was the heavy use of the pound sign (#), which begins a single-line comment in PowerShell, to explain the purpose of each line of code.

Image of the PowerShell script code

(Credit: Proofpoint)

“The PowerShell script included a pound sign followed by grammatically correct and hyper specific comments above each component of the script. This is a typical output of LLM-generated coding content, and suggests TA547 used some type of LLM-enabled tool to write (or rewrite) the PowerShell, or copied the script from another source that had used it,” Proofpoint says.

Indeed, if you ask ChatGPT, Copilot, or Gemini to write a similar PowerShell script, they respond in the same format, placing a # comment with an explanation above each line. A human attacker would probably leave such comments out, both because they take effort and because comments that spell out what each line does make the script easier for analysts to read. The signal is weak, though: comments do not change what a script does, so an attacker can strip them in seconds, and detection should rest on the script’s behavior rather than its prose.
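One way to turn the observation about comment style into a measurable check, added here as an example and not part of Proofpoint’s analysis or TA547’s script, is below in Python. Both PowerShell snippets are constructed and benign, the thresholds are assumptions, and the last function demonstrates the caveat: remove the full-line comments and the heuristic falls silent.

```python
import re

# Constructed samples (not TA547's real script). LLM_STYLE mimics what the
# article describes: a full-sentence comment directly above every statement.
LLM_STYLE = """\
# Get the list of running processes on the local machine.
$processes = Get-Process
# Sort the processes by working set size in descending order.
$sorted = $processes | Sort-Object WorkingSet -Descending
# Select the top five processes from the sorted list.
$top = $sorted | Select-Object -First 5
# Display the selected processes in a formatted table.
$top | Format-Table Name, WorkingSet
"""

# The same job as a person in a hurry tends to type it: terse, aliased, uncommented.
HUMAN_STYLE = """\
$p=gps|sort ws -desc|select -f 5
$p|ft name,ws
"""


def _is_comment(line: str) -> bool:
    return line.lstrip().startswith("#")


def analyze_comments(script: str) -> dict:
    """Measure how 'explanatory' a script's full-line # comments are."""
    lines = [l.rstrip() for l in script.splitlines() if l.strip()]
    code = [l for l in lines if not _is_comment(l)]
    comments = [l.lstrip()[1:].strip() for l in lines if _is_comment(l)]
    # A comment is "sentence-like" if it starts with a capital letter, ends with
    # sentence punctuation and has at least four words (assumed thresholds).
    sentence_like = [c for c in comments
                     if re.match(r"^[A-Z].*[.!?]$", c) and len(c.split()) >= 4]
    # Count code lines whose immediately preceding line is a comment.
    preceded = sum(1 for i, l in enumerate(lines)
                   if not _is_comment(l) and i > 0 and _is_comment(lines[i - 1]))
    return {
        "code_lines": len(code),
        "comment_lines": len(comments),
        "sentence_like": len(sentence_like),
        "commented_ratio": preceded / len(code) if code else 0.0,
    }


def looks_llm_styled(script: str, ratio_threshold: float = 0.75) -> bool:
    """Heuristic: most statements carry a full-sentence comment directly above them."""
    m = analyze_comments(script)
    return (m["code_lines"] > 0
            and m["comment_lines"] > 0
            and m["commented_ratio"] >= ratio_threshold
            and m["sentence_like"] == m["comment_lines"])


def strip_comments(script: str) -> str:
    """Drop full-line # comments; this is all it takes to erase the signal."""
    return "\n".join(l for l in script.splitlines() if not _is_comment(l))


if __name__ == "__main__":
    for name, sample in (("LLM_STYLE", LLM_STYLE), ("HUMAN_STYLE", HUMAN_STYLE),
                         ("LLM_STYLE stripped", strip_comments(LLM_STYLE))):
        print(name, analyze_comments(sample), looks_llm_styled(sample))
```

The scan is line-based on purpose and only recognizes full-line comments; it ignores trailing `#` comments, `<# ... #>` block comments and `#` characters inside strings, which is fine for a triage score but not for anything that needs to parse PowerShell correctly. Treat the result as an attribution hint about how the script was produced, never as a maliciousness verdict: a benign admin script written by an LLM scores exactly the same way.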


Image of ChatGPT placing the pound symbols

(Credit: ChatGPT)

Still, Proofpoint can’t definitively say TA547 created the PowerShell script with the help of an AI chatbot. Nevertheless, the case illustrates how cybercriminals can harness…

Source…