This article discusses how Clipboard Protection has revealed the use of AI tools like ChatGPT in the development of malware, particularly a Remote Access Trojan (RAT) known as NetSupport RAT. The investigation shows how attackers leverage AI to create and refine malicious scripts that trick users into executing harmful payloads.
Affected: Clipboard Protection, ChatGPT, NetSupport RAT, TradingView
Key points:
- Clipboard Protection feature uncovers malicious payloads by analyzing copied content.
- Attackers are utilizing AI tools like ChatGPT to create and refine malware scripts.
- The development of a malicious script occurs in three stages: initial drafts, refinement, and final version.
- The final version of the script poses as a legitimate TradingView prompt to mislead users.
- Clipboard Protection plays a crucial role in identifying and mitigating emerging threats in the cyber landscape.
MITRE Techniques:
- TA0001: Initial Access – Attackers create drafts of malicious scripts using ChatGPT, gaining initial access to systems.
- TA0002: Execution – The malicious script, masquerading as a TradingView prompt, executes terminal commands to install malware.
- TA0005: Defense Evasion – The refinement stage enhances the script’s functionality, helping it evade detection.
Indicators of Compromise:
- [SHA256] 46114741a409cdc05b10152cd469dd724dd44e1e61155ab47de26799c96d298f
- [SHA256] 25dbd7505d600dbe024f5491a61c9a1ee16b81c151f7e8fd633d7144fe045106
- [SHA256] cd341e404f40bd826e4e3b5a60db28161a70a29a9fb360c74884c6254b0031a8
- [URL] https://pasteco[.]com/t2yc80yb