2023-06-13 21:18:00
According to Info World opinion article, ChatGPT is being used by hackers to create new shortcuts to malicious domains. The movement of criminals has been to make a cloud attack through artificial intelligence language model for developers.
Experts are seeing ChatGPT generate URLs, references, code libraries, and functions that don’t exist. According to the report, this is coming from old training data. Through ChatGPT’s code generation capabilities, attackers can exploit manufactured code libraries (packages) maliciously distributed, also bypassing conventional methods such as typosquatting, known as URL hijacking technique or domain mimicry.
With this practice, individuals or organizations register domain names as popular or legitimate websites, but with minor typographical errors. The intent is to trick users who make the same typo when entering a URL.
Another attack involves asking ChatGPT a question, requesting a package to solve a specific encoding issue, and receiving multiple package recommendations that include some not published in legitimate repositories. By replacing these non-existent packages with malicious ones, attackers can trick future users by relying on ChatGPT recommendations.
Potential risks can be seen in ChatGPT 3.5, but one of the ways to defend once morest the attack is that developers need to scan libraries, checking creation date and download count.
And you, have you ever witnessed any malicious movement involving ChatGPT? Leave your comment below!
1686716580
#Hackers #ChatGPT #create #URLs #lead #malicious #domains
