ChatGPT uncovers Mac malware on the Dark Web


A cybersecurity firm says it asked ChatGPT to find new Mac security threats, and after some delving, it found one sold on a Russian server.

Guardz Cyber Intelligence Research (CIR) most recently uncovered ShadowVault, and reports that it has now followed up that find with a new one — made initially by AI.

"In this follow-up post, Guardz CIR (Cyber Intelligence Research) team decided to leverage the power of AI, much like we do in our phishing protection service," writes the team in a blog post, "We asked ChatGPT about additional mac-OS threats that lurk somewhere on the Dark Web."

Based on the group's screenshots, ChatGPT appears to have started by just telling the firm that "yes, there are likely to be other cyber threats for macOS on the Dark Web." But there must be more, as the group then said that, motivated by ChatGPT, "our researchers delved back into the depths of the cybercrime underground to authenticate this lead."

The lead resulted in the discovery of a malware utility being sold on a Russian cybercrime forum called "Exploit." The malware is a Hidden Virtual Network Computing (HVNC) utility that exploits how HVNC apps are legitimately used to remotely control other computers.

In this case, it means that a bad actor could potentially take complete control of a victim's Mac without the user even being aware of it.

This HVNC malware is being offered for "a lifetime price of $60,000," and comes with an offer of "more malicious capabilities" for an extra $20,000. According to Guardz, the malware has been on sale since April 2023.

Guardz also says that there are as yet no reports of this malware being used. Apple has not yet commented on the findings.