Cyber Security

ChatGPT May Create Deadly Polymorphic Malware That Evades EDR

From handling simple inquiries to instantly generating written works and even developing original software programs, including malware, ChatGPT proves to be an all-encompassing solution. 

However, this advancement also introduces the potential for a dangerous new cyber threat.

Traditional security solutions such as EDRs harness multi-layered data intelligence systems to combat the highly sophisticated threats prevalent in recent times. 

Despite the claims made by most automated controls to detect and prevent irregular or novel behavior patterns, the actual implementation rarely aligns with these claims.

Apart from this, AI-generated polymorphic malware in the hands of malicious threat actors will make the situation worse.

Creation of BlackMamba

The cybersecurity analysts at Hyas have created a simple proof of concept (PoC) to demonstrate the potential capabilities of AI-based malware.

This PoC utilizes a powerful language model to generate polymorphic keylogger functionality in real-time, dynamically altering the harmless code during runtime.

Most notably, this implementation eliminates the need for command-and-control infrastructure to deploy and verify the capabilities of the malicious keylogger.

In disclosing the significant risk associated with this malware variant, the experts named their proof of concept (PoC) “BlackMamba,” after the venomous snake, to highlight the severity of the threat.

Starting from a benign executable, BlackMamba communicates at runtime with an API from OpenAI. This lets it retrieve the synthesized malicious code needed to capture the infected user’s keystrokes.

Next, that dynamically generated code is executed with Python’s exec() function inside the benign program’s process.

Throughout, the malicious polymorphic portion remains solely in memory.

BlackMamba can re-synthesize its keylogging capability with every execution, resulting in a genuinely polymorphic malicious component within this malware.
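As an added defensive illustration (not code from the HYAS PoC or this article), the following Python 3.8+ audit hook records the runtime pattern described above: an outbound connection followed by exec() of code compiled from an in-memory string rather than loaded from a file. The class name and the sample addresses are assumptions for the example.

```python
import sys
from dataclasses import dataclass, field

# Added defensive example (not HYAS's PoC code): a PEP 578 audit hook that
# records the pattern described above, i.e. an outbound connection followed
# by exec() of code that was compiled from a string held only in memory.
# Requires Python 3.8+ (sys.addaudithook); standard library only.


@dataclass
class DynamicExecMonitor:
    """Observe-only hook: it collects alerts instead of blocking, so it can
    be evaluated safely before being turned into an enforcing control."""
    alerts: list = field(default_factory=list)
    outbound: set = field(default_factory=set)   # remote hosts seen so far

    def __call__(self, event, args):
        # Once installed, the interpreter calls this for every audit event.
        if event == "socket.connect":
            _sock, address = args
            if isinstance(address, tuple) and address:
                self.outbound.add(address[0])
        elif event == "exec":
            code = args[0]          # the code object about to run
            # Code compiled from a string has no real file behind it:
            # exec("...") of a string yields co_filename == "<string>".
            if code.co_filename == "<string>":
                self.alerts.append({
                    "reason": "exec of code compiled in memory",
                    "after_network": bool(self.outbound),
                    "remote_hosts": sorted(self.outbound),
                    # Names the code references (modules, builtins, attrs)
                    # give an analyst a first look without any disk I/O.
                    "names": list(code.co_names),
                })

    def install(self):
        # Audit hooks cannot be removed for the life of the interpreter.
        sys.addaudithook(self)


if __name__ == "__main__":
    monitor = DynamicExecMonitor()
    monitor.install()
    exec("import os\ncwd = os.getcwd()")   # benign stand-in for fetched code
    for alert in monitor.alerts:
        print(alert)
```

The hook only sees events inside the interpreter that installed it, so it is a process-level telemetry source to feed an EDR, not a replacement for one.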

BlackMamba successfully evaded detection in numerous assessments against a highly regarded EDR, the name of which is intentionally not disclosed.

Infection

Once a device is infected, the experts needed a way to retrieve the collected data. They chose MS Teams as a platform that threat actors could abuse as a channel for data exfiltration.


In a system compromise, an exfiltration channel is the gateway through which a threat actor stealthily extracts data from the compromised system and sends it to an external location.

BlackMamba collects the following types of sensitive data:-

  • Usernames
  • Passwords
  • Credit card numbers
  • Other personal data
  • Other confidential data

Threat actors later sell such collected data on the dark web or on forums, or use the stolen data themselves for other illicit activities.

Auto-py-to-exe, an open-source Python package, lets developers convert Python scripts into standalone executable files for operating systems such as:-

  • Windows
  • macOS
  • Linux

The malware author’s first step with auto-py-to-exe is to write the Python-based malware code and import any required libraries or modules.

When the victim runs the resulting executable, the malware springs into action, executing on their system and carrying out a multitude of malicious operations.


Source: https://cybersecuritynews.com/chatgt-may-create-deadly-polymorphic-malware-that-evades-edr/
