OpenAI’s ChatGPT chat app garnered a lot of attention when it was released in late November 2022, and some security experts cautioned at the time that if fallen in the wrong hands the AI chatbot could be abused for nefarious purposes, such as generating malicious code.

ChatGPT (Generative Pre-trained Transformer) is a large language model chatbot built on top of OpenAI's GPT-3 family, which interacts in a human-like conversational way. Among other things, it can be used to help with tasks like composing emails, essays and code.

In its recent report cybersecurity firm Check Point said that bad actors are already taking advantage of the AI-based chatbot to develop malicious tools, and some of the cases demonstrated that many cybercriminals using OpenAI have no development skills at all. The company described three separate cases where less experienced cybercriminals would be able to easily recreate workable malware strains capable of infiltrating a network by following the specific instructions provided to them by ChatGTP.

In one instance, a malware author disclosed on a hacker forum how they were experimenting with ChatGPT to recreate known malware strains and techniques. As an example, the author shared the code of a Python-based stealer that searches for common file types, copies them to a random folder inside the Temp folder, ZIPs them and uploads them to a hardcoded FTP server.

In another case a threat actor posted a Python script that performs cryptographic operations on the hacker forum, claiming it was the first script he ever created. The threat actor said that the OpenAI gave him a “nice [helping] hand to finish the script with a nice scope.”

The researchers have also spotted a discussion where a cybercriminal disclosed how he had used ChatGPT to create an entirely automated Dark Web marketplace for trading stolen bank account and payment card data, malware tools, drugs, ammunition, and a variety of other illicit goods.

“It’s still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web. However, the cybercriminal community has already shown significant interest and are jumping into this latest trend to generate malicious code,” the security firm concluded.