Cybersecurity experts at SentinelLabs have uncovered a new threat in the form of “Predator AI,” a Python-based infostealer and hacking tool designed to target cloud services.
What sets this malicious tool apart is its integration of artificial intelligence, specifically a ChatGPT-driven class embedded within the Python script. This AI integration introduces a chat-like text-processing interface, not only streamlining Predator AI’s functionality but also reducing its reliance on the OpenAI API. The tool, consisting of over 11,000 lines of code and featuring a graphical user interface based on Tkinter, is primarily disseminated through Telegram channels associated with hacking communities.
Predator AI’s core functionality revolves around enabling web application attacks on commonly used technologies, such as content management systems like WordPress and cloud email services like AWS SES.
It’s worth noting that this tool shares similarities with AlienFox and Legion, cloud spamming tool sets that likewise repurpose publicly available code for malicious purposes. SentinelLabs emphasized that Predator AI is actively maintained and receives updates, including the recent addition of a Twilio account checker. Although the developers maintain that the tool is intended for educational purposes and discourage illegal use, there are concerns regarding its potential impact.
While Predator AI introduces an intriguing level of AI integration, SentinelLabs clarified that it doesn’t substantially enhance an attacker’s capabilities. Additionally, the AI feature has not been widely advertised on the actor’s Telegram channel, and there may be several edge cases that render it unstable and potentially costly.
To mitigate the risks posed by such tools, organizations are advised to maintain up-to-date systems, restrict internet access, and utilize cloud security posture management tools. SentinelLabs also stressed the importance of implementing specialized logging and detection mechanisms to identify unusual activities within cloud service provider resources, including the rapid addition of new user accounts and the immediate deletion of existing ones.
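The two cloud-side signals the article singles out, a burst of newly created user accounts and accounts that are deleted almost immediately after creation, can be checked with a small log-scanning script. The following is an added example written for this page; it is not code from SentinelLabs or from the article. It assumes identity-management audit events in a simplified, CloudTrail-like JSON-lines shape (the `actor` and `target` field names are assumptions for the example; real CloudTrail records carry the acting principal under `userIdentity` and the affected user under `requestParameters`), and the sample records embedded below are constructed.

```python
"""Added example: flag rapid IAM user creation and short-lived IAM users.

Not from the SentinelLabs report or the article. The records below are
constructed samples in a simplified, CloudTrail-like shape; real CloudTrail
events carry more fields and different nesting.
"""
import json
from datetime import datetime, timedelta

# Constructed sample audit log, one JSON object per line.
SAMPLE_LOG = """\
{"eventTime": "2023-11-06T10:00:05Z", "eventName": "CreateUser", "actor": "ops-admin", "target": "deploy-bot"}
{"eventTime": "2023-11-06T10:00:09Z", "eventName": "CreateUser", "actor": "ops-admin", "target": "svc-mailer-1"}
{"eventTime": "2023-11-06T10:00:12Z", "eventName": "CreateUser", "actor": "ops-admin", "target": "svc-mailer-2"}
{"eventTime": "2023-11-06T10:00:15Z", "eventName": "CreateUser", "actor": "ops-admin", "target": "svc-mailer-3"}
{"eventTime": "2023-11-06T10:04:40Z", "eventName": "DeleteUser", "actor": "ops-admin", "target": "svc-mailer-2"}
{"eventTime": "2023-11-06T11:30:00Z", "eventName": "CreateUser", "actor": "hr-onboarding", "target": "jane.doe"}
{"eventTime": "2023-11-06T12:00:00Z", "eventName": "DeleteUser", "actor": "hr-onboarding", "target": "jane.doe"}
{"eventTime": "2023-11-08T09:00:00Z", "eventName": "DeleteUser", "actor": "ops-admin", "target": "deploy-bot"}
"""


def parse_log(text):
    """Parse JSON-lines audit records into dicts sorted by event time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        events.append({
            "time": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ"),
            "name": rec["eventName"],
            "actor": rec["actor"],
            "target": rec["target"],
        })
    events.sort(key=lambda e: e["time"])
    return events


def short_lived_users(events, max_lifetime=timedelta(minutes=15)):
    """Return (user, deleting actor, lifetime in seconds) for every user
    whose DeleteUser follows its CreateUser within max_lifetime."""
    created = {}
    findings = []
    for ev in events:
        if ev["name"] == "CreateUser":
            created[ev["target"]] = ev
        elif ev["name"] == "DeleteUser":
            origin = created.pop(ev["target"], None)
            if origin is not None:
                lifetime = ev["time"] - origin["time"]
                if lifetime <= max_lifetime:
                    findings.append((ev["target"], ev["actor"],
                                     int(lifetime.total_seconds())))
    return findings


def creation_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return (actor, peak count, window start ISO time) for actors that
    created at least `threshold` users inside any sliding `window`."""
    by_actor = {}
    for ev in events:
        if ev["name"] == "CreateUser":
            by_actor.setdefault(ev["actor"], []).append(ev["time"])
    findings = []
    for actor, times in by_actor.items():
        start, best, best_start = 0, 0, None
        for end in range(len(times)):
            # Advance the window start until the window fits.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > best:
                best, best_start = count, times[start]
        if best >= threshold:
            findings.append((actor, best, best_start.isoformat()))
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for user, actor, secs in short_lived_users(evs):
        print(f"short-lived user {user!r} deleted by {actor!r} after {secs}s")
    for actor, count, when in creation_bursts(evs):
        print(f"burst: {actor!r} created {count} users starting {when}")
```

Against the constructed log, the script reports one short-lived account (`svc-mailer-2`, deleted 268 seconds after creation) and one creation burst (`ops-admin`, four users in ten seconds), while the routine onboarding account that lived for thirty minutes stays below the 15-minute threshold. The thresholds are starting points to tune against an environment's normal provisioning rate, and the same two checks apply to any provider whose audit log records user create and delete events.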