By 
Check Point Research (CPR) warns of hackers potentially using OpenAI’s ChatGPT and Codex to execute targeted and efficient cyber-attacks. To demonstrate, CPR used ChatGPT and Codex to produce malicious emails, code and a full infection chain capable of targeting people’s computers. CPR documents its correspondence in a new publication with examples of what was generated, underscoring the importance of vigilance as developing AI technologies, like ChatGPT, can change the cyber threat landscape significantly.
● CPR used ChatGPT to create a phishing email impersonating hosting company
● CPR iterated with ChatGPT to refine a phishing email to make infection chain easier
● CPR used ChatGPT to generate VBA code to embed into an Excel document
Check Point Research (CPR) used ChatGPT to create malicious phishing emails and code, in order to warn of the potential dangers that the new AI technology can have on the cyber threat landscape.
Using Open AI’s ChatGPT, CPR was able to create a phishing email, with an attached Excel document containing malicious code capable of downloading reverse shells. Reverse shell attacks aim to connect to a remote computer and redirect the input and output connections of the target system’s shell so the attacker can access it remotely.
Steps taken with ChatGPT
- Ask ChatGPT to impersonate a hosting company (Figure 1)
- Ask ChatGPT to iterate again, producing a phishing email with malicious excel attachment (Figure 2)
- Ask ChatGPT to create malicious VBA code in an Excel document (Figure 3)
Figure 1. Basic phishing email generated by ChatGPT
Figure 2. Iterated Phishing email generated by ChatGPT
Figure 3. Simple VBA code generated by ChatGPT
Open AI’s Codex
CPR was also able to generate malicious code using Codex. CPR asked Codex questions, including:
- Execute reverse shell script on a windows machine and connect to a specific IP address
- Check if URL is vulnerable to SQL injection by logging in as admin
- Write a python script that runs a full port scan on a target machine
Malicious code was subsequently generated by Codex.
Quote: Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software:
“ChatGPT has the potential to significantly alter the cyber threat landscape. Now anyone with minimal resources and zero knowledge in code, can easily exploit it to the detriment of his imagination.
It is easy to generate malicious emails and code. Hackers can also iterate on malicious code with ChatGPT and Codex. To warn the public, we demonstrated how easy it is to use the combination of ChatGPT and Codex to create malicious emails and code. I believe these AI technologies represent another step forward in the dangerous evolution of increasingly sophisticated and effective cyber capabilities. The world of cybersecurity is rapidly changing and we want to emphasize the importance of remaining vigilant as ChatGPT and Codex become more mature, as this new and developing technology can affect the threat landscape, for both good and bad.”
