Date: 2023-02-09

Hackers are selling malware products with integrated ChatGPT capabilities that allow users to easily create malicious code or phishing emails, Check Point Research reports.

The security firm previously discovered that cybercriminals were also using ChatGPT to improve the coding in basic Infostealer malware from 2019.

But ChatGPT’s API provides even more powerful and dangerous content crafting capabilities.

Check Point explained that OpenAI had built restrictions into ChatGPT’s website-based interface that prevent the language model from creating malicious content for general users.

When prompted to write a phishing email or malware code, for example, ChatGPT will refuse to do so.

ChatGPT even explains that writing and distributing such content would be illegal, as illustrated in the screenshots below.

But hackers on underground forums have detailed how they were able to use the ChatGPT API, intended to help developers integrate the language model into their apps, to make malicious content without any problems.

Check Point said that the ChatGPT API currently had very few — if any — anti-abuse measures in place.

The hackers primarily advertise Telegram bots for which they have added ChatGPT functionality.

Asking one such bot to create a phishing email impersonating a bank, and malware code that collects PDF files and sends them to a server, generated the responses below.

The bot can be used for 20 free queries, after which users are charged $5.50 (R97) for every 100 requests.

While phishing emails are very common, scammers are often let down by basic spelling or grammar mistakes.

The example response given by Check Point did not have any spelling or grammar mistakes.

However, it was somewhat contradictory, as it provided a space for inserting a phishing link before warning the targeted customer not to click any links within the email.

But more experienced scammers would easily spot the problem and remove the line advising against clicking on any links.

Another cybercriminal wrote a bash script that supposedly bypasses the anti-abuse restrictions of the API for direct queries, instead of having to use Telegram.