ChatGPT Used to Develop New Malicious Tools

May 17, 2023

Cybercriminals have been employing ChatGPT to craft new malicious tools. This AI-driven technology enables cybercriminals to code malware and ransomware without needing technical expertise or experience.

Security professionals should consider teaching their users how to detect and report phishing emails that contain ChatGPT-generated content. It’s a skill that’s easy to learn, which could protect an organization from being hacked.

Cybercriminals are circumventing bot restrictions to develop new malicious tools

ChatGPT is an AI-powered chatbot that has taken the internet by storm. It can do everything from help plan parties to writing college essays in seconds. Companies such as Microsoft, Google and Opera are now incorporating this AI model into their products.

According to Check Point Research researchers, ChatGPT bots can do some good but also serve malicious purposes. CPR discovered that cybercriminals in underground hacking forums are creating “infostealers”, encryption tools and fraud activity with the assistance of ChatGPT.

Researchers believe threat actors are employing ChatGPT for malicious purposes, as it’s a useful tool that teaches them how to create malware. Cybercriminals are circumventing restrictions by employing the ChatGPT script generator to craft usable malware which could phish for user credentials, steal files and send them offsite, or encrypt sensitive data for ransom.

Sergey Shykevich, manager of Check Point’s Threat Intelligence Group, explained that hackers using the tool lack programming expertise or even any coding ability. Yet they’re able to use it to generate effective malware strains capable of phishing for user credentials and stealing files. Once created, these cybercriminals could then distribute these results on the dark web in order to gain a foothold within an organization’s network.

Some users on online hacking forums have admitted using ChatGPT to craft new malware and distribute the results on the dark web. One participant posted a Python script which he described as his first attempt; OpenAI provided him with “a helpful hand to finish the script with an interesting scope,” suggesting that ChatGPT can be an invaluable resource for future cybercriminals with minimal programming expertise.

In addition to helping them craft new malware, hackers are also using ChatGPT to replicate malicious strains and techniques described in research publications and write-ups by security firms. This can be a risky practice since these replicas are highly accurate, allowing them to penetrate an organization’s network and take control of it.

Furthermore, cybercriminals using ChatGPT to create malicious tools often don’t take care with their output. These may be sexist, racist and contain offensive content that could be detrimental to society as a whole. Thus, security firms must keep an eye out for malicious ChatGPT tools and take measures to stop them before any harm comes to anyone.

Cybercriminals are using ChatGPT to develop new malicious tools

Cybercriminals have been employing ChatGPT, an AI-driven chatbot that provides human-like answers to questions, to create new malicious tools. A report from Check Point Research has warned that this AI-driven platform is being employed for creating malicious codes for various purposes.

OpenAI created ChatGPT, an advanced bot that provides answers to queries in a natural way. It can also generate essays, poems and even complex code. Unfortunately, cybercriminals are using ChatGPT to craft malware and other harmful scripts that could steal your data according to researchers.

Security experts have discovered numerous online hacking forums discussing the use of ChatGPT to craft new tools for cybercrime. These communities contain users who openly discuss creating malware using a chatbot, yet these individuals lack even basic script writing knowledge – creating an immediate concern for companies looking to protect their systems from attacks.

Check Point Research recently stumbled upon a thread on an underground hacking forum where an advanced threat actor was using ChatGPT to replicate malware strains and techniques described in research publications and write-ups about common viruses. These posts appeared to be teaching less technically proficient cybercriminals how to utilize ChatGPT for malicious purposes with real examples they could immediately utilize.

This case illustrates the potential of ChatGPT to democratize cybercrime and pose a risk to national security. As it’s simple and non-technical, threat actors could easily create malicious tools with minimal or no training.


CPR recently discovered a post where an unknown threat actor created both a multi-layer encryption tool in Python and a tutorial on creating dark web marketplace scripts. These scripts enable traders to sell illegal goods on the dark web, mostly stolen accounts, payment cards, malware, and drugs.

Another case involved a post where the threat actor created a script that created an Android backdoor, enabling cybercriminals to install spyware and other malicious tools on the device. They also utilized this chatbot for developing a marketplace on the dark web where illegal goods could be sold with payment in bitcoin.

CPR believes threat actors will continue to leverage ChatGPT and other AI tools to craft malicious codes and create new cybercrime instruments. This could lead to an exponential rise in botnets and cyberattacks.

ChatGPT poses a huge privacy threat due to its non-ethical and morally questionable nature. The AI can pull information from the internet for malicious purposes like creating misinformation, crafting phishing emails, or being sexist or racist. Companies must keep an eye on ChatGPT as well as other AI tools in order to safeguard user data in case there is ever any security breach.

Data Security Through Data Literacy

Data Security Through Data Literacy

Unlocking data security through data literacy. Explore the pivotal role of understanding data in fortifying cybersecurity measures. Data is now pervasive, and it is important for people to understand how to work with this information. They need to be able to interpret...

Trojan Rigged Tor Browser Bundle Drops Malware

Trojan Rigged Tor Browser Bundle Drops Malware

Trojan Rigged Tor Browser Bundle drops malware. Stay vigilant against cybersecurity threats, and secure your online anonymity with caution. Threat actors have been using Trojanized installers for the Tor browser to distribute clipboard-injector malware that siphons...

Siri Privacy Risks: Unveiling the Dangers

Siri Privacy Risks: Unveiling the Dangers

Unveiling Siri privacy risks: Understand the potential dangers and take steps to enhance your digital assistant's security. Siri is a great piece of technology, but it can also be dangerous to users’ privacy. This is a serious issue that should be addressed....

Recent Case Studies

Press Releases

News & Events


Managed Security Services
Security & Privacy Risk Assessment
Cloud Platform Security
Incident Response & Business Continuity

Penetration Testing

Virtual CISO

Email Security & Phishing



About Us