
Malware Taps Generative AI to Rewrite Code, Avoid Detection

Mikko Hyppönen Talks GPT-Enhanced Malware, Russian Cyber Operations and More
Mikko Hyppönen, chief research officer, WithSecure

Finnish cybersecurity expert Mikko Hyppönen recently received an email he wasn't expecting: A malware developer sent him a copy of "LL Morpher," a brand-new virus he'd written, which uses OpenAI's GPT large language models.


"It's the first malware we've ever seen which uses GPT to rewrite its code," said Hyppönen, who's chief research officer at WithSecure, of the worm, which is written in Python and designed to infect Python files on a victim's system. Instead of copying its functions into the infected file, the malware uses an API key to call GPT and give it English-language instructions about the malicious functionality it wants to be created.

"It calls GPT to write the code for it, which means every time it's different, and it will be trivial to modify to write it in any other language," Hyppönen said. "The whole AI thing right now feels exciting and scary at the same time."

Thus far, this piece of malware is more proof of concept than actual threat: It's available via GitHub, and for now it could be contained by blocking the API key. Even so, Hyppönen says that in coming years it should be perfectly possible to build malware that has LLMs built in and that uses them to build tough-to-detect malware on the fly.
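A defender-side triage check for the traits described above (a Python file that carries a hardcoded API key, calls the GPT API and references other Python files), as an added example that is not from the article or from the malware. The `sk-` key pattern, the `api.openai.com` host string and the helper name `triage_python_source` are assumptions, and both sample inputs are constructed.

```python
import ast
import re

# Assumption: OpenAI-style secret keys start with "sk-"; the length bound is a heuristic.
KEY_RE = re.compile(r"sk-[A-Za-z0-9_-]{20,}")
API_HOST = "api.openai.com"  # assumed host string for direct HTTP calls

# Constructed, inert sample inputs (not taken from any real sample).
SAMPLE_FLAGGED = '''
import glob, openai
openai.api_key = "sk-CONSTRUCTEDexampleKEY0000000000"
targets = glob.glob("*.py")
'''
SAMPLE_BENIGN = '''
import os, openai
openai.api_key = os.environ["OPENAI_API_KEY"]
'''

def triage_python_source(source: str) -> dict:
    """Statically flag a Python file that embeds an API key, calls an LLM API
    and references other Python files. Hypothetical helper for this example."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        # Unparseable file: fall back to raw text and mark it for manual review.
        return {"hardcoded_keys": sorted(set(KEY_RE.findall(source))),
                "calls_llm_api": API_HOST in source or "openai" in source,
                "references_py_files": ".py" in source, "suspicious": None}
    keys, imports_openai, mentions_host, touches_py = set(), False, False, False
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            imports_openai |= any(a.name.split(".")[0] == "openai" for a in node.names)
        elif isinstance(node, ast.ImportFrom):
            imports_openai |= (node.module or "").split(".")[0] == "openai"
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            keys.update(KEY_RE.findall(node.value))      # key literal in the file
            mentions_host |= API_HOST in node.value      # raw HTTP use of the API
            touches_py |= node.value.endswith(".py")     # e.g. "*.py" globs, paths
    calls_llm = imports_openai or mentions_host
    return {"hardcoded_keys": sorted(keys), "calls_llm_api": calls_llm,
            "references_py_files": touches_py,
            "suspicious": bool(keys) and calls_llm and touches_py}

if __name__ == "__main__":
    for name, src in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(name, triage_python_source(src))
```

Any key values the check extracts are the ones a responder would report to the API provider for blocking, the containment step the article mentions.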

In this video interview with Information Security Media Group at RSA Conference 2023, Hyppönen discusses:

  • The present and future impact of generative artificial intelligence on the cybercrime landscape;
  • The biggest cyber operation surprises since Russia intensified its invasion of Ukraine last year;
  • The cyber impact of Finland joining NATO.

Hyppönen has assisted law enforcement in the U.S., Europe and Asia on cybercrime cases since the 1990s and also advises governments regarding cybercrime. His expert research has been featured in publications including The New York Times, Wired, and Scientific American. He frequently appears on international TV and has given talks at Stanford, Oxford and Cambridge universities. He has delivered hundreds of talks and presentations in over 40 countries at conferences worldwide, including Black Hat, DEF CON, DLD and this year's RSA Conference.


About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



