https://unit42.paloaltonetworks.com/using-llms-obfuscate-malicious-javascript
Cybersecurity researchers from Palo Alto Networks warn that large language models (LLMs) can be used by malicious actors to generate undetectable malware variants. LLMs, despite limitations in creating malware from scratch, can effectively rewrite and obfuscate existing malware, making it difficult for detection systems to identify.
LLMs for Malware Obfuscation
- Hackers can leverage LLMs to create more natural-looking transformations of malicious code, hindering detection by traditional methods.
- Repetitive application of these transformations can degrade the performance of malware classification systems, causing them to misclassify malicious code as benign.
Challenges and Potential Solutions
- LLM providers are implementing safeguards to prevent misuse, but threat actors are actively developing tools to exploit these models for malicious purposes.
- Researchers have demonstrated the generation of 10,000 undetectable JavaScript variants using LLMs, highlighting the potential scale of this threat.
- Adversarial machine learning techniques can be used to rewrite malware in a way that bypasses detection by machine learning models.
- LLM-generated obfuscation is more sophisticated than traditional methods, making it harder to identify.
Security researchers propose using similar techniques to generate training data that improves the robustness of machine learning models against LLM-obfuscated malware.