Published on: April 6, 2023
A keylogger recently carried out malicious attacks using ChatGPT in what has been a growing trend of cybercriminals taking advantage of the sophisticated AI tool.
The keylogger, dubbed BlackMamba, was made by Jeff Sims at the HYAS institute and works by tweaking its program in response to inputs from the user. It dynamically executes Python code at runtime, meaning that ChatGPT is called on to create unique code that is different for each victim. It’s then shared around the internet via social engineering scams, which are mostly email-based.
This complicates matters further, because the result is polymorphic malware whose code is constantly shifting, which makes it a lot harder for endpoint detection and response programs (EDRs) to block the attack.
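Why the polymorphism described above defeats hash matching while the runtime-execution behaviour stays visible, as an added example that is not from the original article or from HYAS: a static check that flags `exec`/`eval`/`compile` calls on non-literal input. The sample sources and the `fetch_generated_code` name are constructed placeholders, and the sources are only parsed, never run.

```python
import ast
import hashlib

# Builtins that run code assembled at runtime.
DYNAMIC_EXEC = {"exec", "eval", "compile"}

def _callee(func):
    """Name of a bare builtin call or a builtins.<name> call, else None."""
    if isinstance(func, ast.Name):
        return func.id
    if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
            and func.value.id == "builtins"):
        return func.attr
    return None  # e.g. re.compile(...) is not code execution

def dynamic_exec_calls(source):
    """Return sorted (line, name) for exec/eval/compile on non-literal input."""
    findings = []
    for node in ast.walk(ast.parse(source)):  # parse only, nothing executes
        if isinstance(node, ast.Call) and _callee(node.func) in DYNAMIC_EXEC:
            if node.args and not isinstance(node.args[0], ast.Constant):
                findings.append((node.lineno, _callee(node.func)))
    return sorted(findings)

def sha256(source):
    return hashlib.sha256(source.encode()).hexdigest()

# Constructed samples: two textually different variants of the same behaviour,
# plus a benign script. fetch_generated_code is a hypothetical placeholder.
VARIANT_A = '''
payload = fetch_generated_code()
exec(payload)
'''
VARIANT_B = '''
import builtins
blob = fetch_generated_code()
x = 1
builtins.exec(blob)
'''
BENIGN = '''
import re
pat = re.compile(r"\\d+")
print(eval("1 + 1"))
'''

if __name__ == "__main__":
    for name, src in [("A", VARIANT_A), ("B", VARIANT_B), ("benign", BENIGN)]:
        print(name, sha256(src)[:12], dynamic_exec_calls(src))
```

The two variants have different hashes but produce the same kind of finding, which is why behaviour-oriented checks hold up better than file signatures against per-victim code.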
The keylogger then collects personal information, including but not limited to passwords, usernames, debit and credit card numbers, and personal data. The attackers also use MS Teams to coordinate their attacks, since MS Teams can help them organize all of their information while also helping them gain access to an organization’s internal resources.
Other team and work-based apps besides MS Teams, like Slack, are also vulnerable and expected to see increasing numbers of cyber attacks. The BlackMamba threat is also compatible with Windows, Linux, and even Mac, which has a reputation for great security, so it’s important for users on every device to be careful.
What’s worse, the criminals who are using the BlackMamba keylogger can alter the code themselves and use ChatGPT to create new viruses, ransomware, keyloggers, trojans, and more that are significantly harder to detect and remove than traditional malware.
The amorphous nature of dynamically created cyber threats means that it’s more important than ever to be careful about what programs you’re downloading or using online. As various governments around the world consider how to address the rise of AI and ChatGPT continues to evolve, the possibility for advanced cyber threats grows.