Cybercriminals Harness AI for New Era of Malware Development

Observations by researchers at Group-IB show cybercriminals increasingly harnessing artificial intelligence to develop more advanced and potent malware, as evidenced by the escalating number of ransomware attacks and the collaborative efforts between ransomware groups and initial access brokers. The latest report from Group-IB reveals a significant surge in compromised ChatGPT credentials, highlighting a critical security threat for businesses worldwide. From January 2023 to October 2023, Group-IB detected more than 225,000 logs up for sale on the dark web containing compromised ChatGPT credentials. Group-IB found these compromised credentials within the logs of information-stealing malware traded on illicit dark web marketplaces. Notably, the number of compromised hosts with access to ChatGPT detected between June 2023 and October 2023 was more than 130,000, an increase of 36% compared to the preceding five-month period (January-May 2023). The number of available logs containing ChatGPT credentials peaked in October 2023, the final month of the study, when 33,080 were registered. Group-IB’s analysis found that the majority of the logs containing ChatGPT accounts were breached by the LummaC2 information stealer.

Security Officer Comments:
Moreover, AI is being utilized by threat actors to craft highly sophisticated malware, generate convincingly deceptive social engineering text, and streamline their operational processes. The report also sheds light on the growing interest of global threat actors in targeting Apple platforms, particularly evident in the fivefold increase in underground sales related to macOS information stealers. Furthermore, the shift to iOS devices raises concerns, particularly given the alarming surge in compromised ChatGPT credentials.