Cybersecurity researchers at SentinelLabs have uncovered a brand new Python-based infostealer and hack device named “Predator AI.”
The malicious device is particularly designed to focus on cloud providers and integrates synthetic intelligence (AI) know-how, particularly a ChatGPT-driven class applied into the Python script.
The inclusion of the GPTj class provides a chat-like text-processing interface to work together with the device’s options. This integration goals to scale back reliance on the OpenAI API whereas additionally streamlining Predator AI’s performance.
Predator AI, with over 11,000 strains of code, makes use of a graphical consumer interface (GUI) based mostly on Tkinter. It includes varied courses that deal with completely different functionalities, together with internet utility safety scans and integration with cloud providers.
Read more on AI-enabled malware: New ChatGPT Attack Technique Spreads Malicious Packages
The device is primarily distributed by Telegram channels linked to hacking communities. Its core performance is facilitating internet utility assaults on generally used applied sciences, together with content material administration programs like WordPress and cloud e-mail providers like AWS SES.
It’s value noting that Predator AI shares similarities with different device units like AlienFox and Legion cloud spamming device units, as they repurpose publicly out there code for his or her malicious functions.
In accordance with an advisory printed by SentinelLabs on Tuesday, this device is actively maintained and receives updates, with a latest addition of a Twilio account checker. The builders emphasised that the device is for academic functions and discourages unlawful use.
“Whereas Predator AI is probably going considerably practical, this integration doesn’t considerably enhance an attacker’s functionality,” SentinelLabs clarified. “The function has not but been marketed on the actor’s Telegram channel, and there are probably many edge instances that make it unstable and doubtlessly costly.”
Organizations can mitigate the danger posed by such instruments by sustaining up-to-date programs, limiting web entry and using cloud safety posture administration instruments.
SentinelLabs additionally suggested the significance of implementing specialised logging and detection mechanisms to establish uncommon actions inside cloud service supplier (CSP) assets, together with the speedy addition of recent consumer accounts and quick deletion of present ones.
