Product reviews, deals and the latest tech news

Researchers Develop AI-Powered Worm Capable of Infiltrating Computers and Reading Emails

In a groundbreaking experiment that mirrors the pioneering spirit of the original 1988 computer worm, a team of security experts from the United States and Israel have engineered a self-replicating AI worm named Morris II. This sophisticated worm is designed to sneak into emails, paving the way for unprecedented malware spread and data theft, all while demonstrating the potential dangers lurking within generative artificial intelligence (GenAI) technologies.

Morris II is strategically crafted to prey on AI-enhanced applications, particularly those powered by leading-edge platforms like OpenAI’s ChatGPT and Google’s Gemini. Its capability was starkly demonstrated through successful breaches into GenAI-driven email assistants, extracting personal information and executing spamming maneuvers.

The most alarming revelation from the researchers is the worm’s classification as “zero-click malware.” This means victims are compromised without the need to interact with or execute the malware themselves. The nefarious activities, including the malware’s propagation, are autonomously executed by the GenAI tools in use, marking a chilling evolution in cyber threats.

“Our study unveils a novel class of threats where attackers harness carefully crafted prompts. These are designed to manipulate GenAI models into not only replicating these prompts but also performing harmful actions and spreading these malign instructions across the GenAI ecosystem,” the research team highlighted in their study, aptly titled ‘ComPromptMized: Unleashing zero-click worms that target GenAI-powered applications’.

This revelation comes in the wake of the debut of ChatGPT in 2022, a period that has seen a significant uptick in concerns over the potential misuse of generative AI by cybercriminals. The technology’s proficiency in emulating human-like text presents an advantage, especially for non-native English speakers aiming to craft deceptive emails and texts.

Echoing these concerns, cyber security powerhouse CrowdStrike, in its latest Global Threat Report, underscored the observation of nation-state actors and cyber vigilantes experimenting with GenAI tools like ChatGPT. “Generative AI is set to democratize and simplify the execution of sophisticated cyber attacks, effectively lowering the entry barrier for complex operations,” a CrowdStrike spokesperson shared with The Independent. The anticipation is high that generative AI will play a significant role in the cyber activity landscape throughout 2024, as its adoption continues to surge.

This development underscores the urgent need for robust cybersecurity measures and ethical considerations in the development and deployment of generative AI technologies, to counteract the potential for misuse in cyber warfare and criminal activities.