- MalTerminal uses GPT-4 to generate ransomware or reverse-shell code at execution time
- LLM-enabled malware evades detection by creating its malicious logic only during execution
- The researchers found no evidence of deployment; it is probably a proof-of-concept or test tool
SentinelOne cybersecurity researchers have discovered a new piece of malware that uses OpenAI's GPT-4 to generate malware in real time.
The researchers claim that MalTerminal represents a significant change in the way threat actors create and deploy malware, noting: “The incorporation of LLMs into malware marks a qualitative change in the adversary.”
“With the ability to generate malicious logic and commands, LLM-enabled malware introduces new challenges for defenders.”
The discovery means that the cybersecurity community has an entirely new category of malware to fight: LLM-enabled malware, that is, malware that integrates large language models directly into its functionality.
Essentially, MalTerminal is a malware generator. When adversaries run it, it asks whether they want to create ransomware or a reverse shell. The corresponding prompt is then sent to GPT-4, which responds with Python code tailored to the chosen option.
SentinelOne said that the code does not exist in the malware file before execution; instead, it is generated dynamically. This makes detection by traditional security tools much harder, because there is no static malicious code to scan.
The researchers identified the GPT-4 integration after discovering Python scripts and a Windows executable containing hard-coded API keys and prompt structures.
Because the API endpoint it used was retired at the end of 2023, SentinelOne concluded that MalTerminal must be older than that, which makes it the earliest known example of LLM-enabled malware.
Fortunately, there is no evidence that the malware has been deployed in the wild, so it could simply be a proof of concept or a red-team tool. SentinelOne nevertheless sees MalTerminal as a sign of things to come and has urged the cybersecurity community to prepare accordingly:
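The artifacts that gave the integration away, hard-coded API keys, prompt templates and API endpoints embedded in the files, are exactly the kind of static strings a defender can hunt for even when the malicious code itself is generated at runtime. The scanner below is an added example, not SentinelOne's tooling or MalTerminal's code; the key and endpoint patterns, the prompt-term list and both sample blobs are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field

# Heuristic string indicators of an embedded LLM client. The patterns are this
# example's own assumptions, not SentinelOne's detection logic.
API_KEY_RE = re.compile(rb"(?<![A-Za-z0-9])sk-[A-Za-z0-9_-]{20,}")  # OpenAI-style secret key
ENDPOINT_RE = re.compile(rb"api\.openai\.com|/v1/(?:chat/)?completions")  # OpenAI API paths
PROMPT_TERMS = [b"you are", b"generate", b"python", b"ransomware", b"reverse shell", b"encrypt"]


@dataclass
class ScanResult:
    keys: list = field(default_factory=list)
    endpoints: list = field(default_factory=list)
    prompt_terms: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # A credential or endpoint together with several prompt-like terms suggests a
        # template for requesting code at runtime rather than an ordinary API client.
        return bool(self.keys or self.endpoints) and len(self.prompt_terms) >= 2


def scan_sample(data: bytes) -> ScanResult:
    """Return the API-key, endpoint and prompt-term hits found in a raw sample."""
    lowered = data.lower()
    return ScanResult(
        keys=[m.decode() for m in API_KEY_RE.findall(data)],
        endpoints=sorted({m.decode() for m in ENDPOINT_RE.findall(data)}),
        prompt_terms=[t.decode() for t in PROMPT_TERMS if t in lowered],
    )


# Constructed samples, not real malware: a mock script carrying a placeholder key and a
# prompt template, and a benign script with no LLM-client artifacts.
SUSPICIOUS_SAMPLE = (
    b"import requests\n"
    b"API_KEY = 'sk-CONSTRUCTED0000000000000000000000'\n"
    b"PROMPT = 'You are an assistant. Generate Python code for: reverse shell'\n"
    b"requests.post('https://api.openai.com/v1/chat/completions', json={})\n"
)
BENIGN_SAMPLE = b"import json\nprint(json.dumps({'status': 'ok'}))\n"

if __name__ == "__main__":
    for name, blob in [("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        result = scan_sample(blob)
        print(name, "suspicious" if result.suspicious else "clean", result)
```

String hunting like this only catches samples that embed their credentials and prompts in the clear; a variant that fetches the key at runtime or obfuscates the template needs network or behavioural telemetry (outbound calls to LLM APIs from unexpected processes) instead.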
“Although the use of LLM-enabled malware is still limited and largely experimental, this early stage of development gives defenders the opportunity to learn from attackers’ errors and adjust their approaches accordingly,” adds the report.
“We expect adversaries to adapt their strategies, and we hope that new research will be able to build on the work we have presented here.”
Via The Hacker News