Cybersecurity researchers at SentinelLabs have uncovered a new Python-based infostealer and hack tool named “Predator AI.”
The malicious tool is specifically designed to target cloud services and integrates artificial intelligence (AI) technology, specifically a ChatGPT-driven class implemented into the Python script.
The inclusion of the GPTj class adds a chat-like text-processing interface to interact with the tool’s features. This integration aims to reduce reliance on the OpenAI API while also streamlining Predator AI’s functionality.
Predator AI, with over 11,000 lines of code, uses a graphical user interface (GUI) based on Tkinter. It comprises various classes that handle different functionalities, including web application security scans and integration with cloud services.
Read more on AI-enabled malware: New ChatGPT Attack Technique Spreads Malicious Packages
The tool is primarily distributed through Telegram channels linked to hacking communities. Its core functionality is facilitating web application attacks on commonly used technologies, including content management systems like WordPress and cloud email services like AWS SES.
It’s worth noting that Predator AI shares similarities with other tool sets like AlienFox and Legion cloud spamming tool sets, as they repurpose publicly available code for their malicious purposes.
According to an advisory published by SentinelLabs on Tuesday, this tool is actively maintained and receives updates, with a recent addition of a Twilio account checker. The developers emphasized that the tool is for educational purposes and discourages illegal use.
“While Predator AI is likely somewhat functional, this integration does not substantially increase an attacker’s capability,” SentinelLabs clarified. “The feature has not yet been advertised on the actor’s Telegram channel, and there are likely many edge cases that make it unstable and potentially expensive.”
Organizations can mitigate the risk posed by such tools by maintaining up-to-date systems, restricting internet access and employing cloud security posture management tools.
SentinelLabs also advised the importance of implementing specialized logging and detection mechanisms to identify unusual activities within cloud service provider (CSP) resources, including the rapid addition of new user accounts and immediate deletion of existing ones.