RatGPT: Turning online LLMs into Proxies for Malware Attacks

The evolution of Generative AI and the capabilities of the newly released Large Language Models (LLMs) open new opportunities in software engineering. However, they also lead to new challenges in cybersecurity. Recently, researchers have shown the possibilities of using LLMs such as ChatGPT to gener...

Full description

Saved in:
Bibliographic Details
Published inarXiv.org
Main Authors Beckerich, Mika, Plein, Laura, Coronado, Sergio
Format Paper
LanguageEnglish
Published Ithaca Cornell University Library, arXiv.org 07.09.2023
Subjects
Chatbots
Command and control
Cybersecurity
Generative artificial intelligence
Large language models
Malware
Software engineering
Online AccessGet full text

Cover

More Information
Summary:The evolution of Generative AI and the capabilities of the newly released Large Language Models (LLMs) open new opportunities in software engineering. However, they also lead to new challenges in cybersecurity. Recently, researchers have shown the possibilities of using LLMs such as ChatGPT to generate malicious content that can directly be exploited or guide inexperienced hackers to weaponize tools and code. These studies covered scenarios that still require the attacker to be in the middle of the loop. In this study, we leverage openly available plugins and use an LLM as proxy between the attacker and the victim. We deliver a proof-of-concept where ChatGPT is used for the dissemination of malicious software while evading detection, alongside establishing the communication to a command and control (C2) server to receive commands to interact with a victim's system. Finally, we present the general approach as well as essential elements in order to stay undetected and make the attack a success. This proof-of-concept highlights significant cybersecurity issues with openly available plugins and LLMs, which require the development of security guidelines, controls, and mitigation strategies.
ISSN:2331-8422