A new cyber-attack technique called “AI package hallucination” has been discovered, which leverages OpenAI’s language model ChatGPT to spread malicious packages in developers’ environments. Attackers can exploit ChatGPT’s code generation capabilities to deceive users: the model suggests non-existent code libraries, and the attackers then replace them with their own malicious packages. The technique is hard to detect because of obfuscation and because the trojan packages can be functional. Developers are advised to vet libraries carefully and remain skeptical of suspicious packages. This discovery follows a previous vulnerability in ChatGPT that exposed customers’ payment-related information.
Read more: https://www.infosecurity-magazine.com/news/chatgpt-spreads-malicious-packages/
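One way to apply the vetting advice above before installing a library an assistant suggested, as an added example that is not from the article or the researchers. The package names, registry metadata, thresholds and function names are all constructed or assumed for illustration.

```python
from datetime import date

# Constructed registry metadata for illustration only; a real check would pull
# this from the package index your build uses. None means the name is unregistered.
SAMPLE_REGISTRY = {
    "requests": {"first_release": date(2011, 2, 14), "releases": 150, "monthly_downloads": 300_000_000},
    "fastjson-helper": {"first_release": date(2023, 5, 28), "releases": 1, "monthly_downloads": 40},
    "pdf-table-magic": None,
}

# Assumed thresholds; tune them to your organisation's risk appetite.
MIN_AGE_DAYS = 180
MIN_RELEASES = 3
MIN_MONTHLY_DOWNLOADS = 1_000


def vet_package(name, registry, approved, today):
    """Return (verdict, reasons) for one suggested dependency name."""
    if name in approved:
        return "allow", ["on the approved list"]
    meta = registry.get(name)
    if meta is None:
        # A name nobody has registered is the hallucination case: anyone can claim it later.
        return "block", ["name is not registered; likely hallucinated"]
    reasons = []
    age = (today - meta["first_release"]).days
    if age < MIN_AGE_DAYS:
        reasons.append(f"first release only {age} days ago")
    if meta["releases"] < MIN_RELEASES:
        reasons.append(f"only {meta['releases']} release(s)")
    if meta["monthly_downloads"] < MIN_MONTHLY_DOWNLOADS:
        reasons.append(f"only {meta['monthly_downloads']} downloads per month")
    if reasons:
        return "suspicious", reasons
    return "review", ["established but not yet approved"]


def vet_suggestions(names, registry, approved, today):
    """Vet every suggested name; case and whitespace are normalised before lookup."""
    return {n: vet_package(n.strip().lower(), registry, approved, today) for n in names}


if __name__ == "__main__":
    report = vet_suggestions(["requests", "fastjson-helper", "pdf-table-magic"],
                             SAMPLE_REGISTRY, approved={"requests"}, today=date(2023, 6, 10))
    for name, (verdict, reasons) in report.items():
        print(f"{verdict:10} {name}: {'; '.join(reasons)}")
```

A functional trojan can still pass metadata checks once it has aged, so anything short of "allow" should go to a human review of the package source.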