AI-Powered Worm Creeps into Computers to Read Emails, As Zero-Click Malware Advances

In the ever-evolving landscape of cybersecurity threats, researchers have unveiled a new artificially intelligent worm capable of breaching email systems without any user interaction. This automated threat, nicknamed Morris II, is a nod to the original computer worm from 1988, signifying its advancement from predecessors.

The Rise of Morris II: A Silent Email Intruder

An international coalition of experts from the United States and Israel engineered Morris II to demonstrate the potential dangers posed by generative artificial intelligence (GenAI). It specifically targets applications powered by AI, including those using prominent platforms such as OpenAI's ChatGPT and Google's Gemini.

Already proven capable against GenAI-based email assistants, Morris II can quietly siphon personal information and launch unrequested spamming operations.

A New Era of Zero-Click Malware

What distinguishes Morris II from traditional cyber threats is that it operates autonomously, without the need for the targeted user to perform an action like clicking a malicious link. The worm exploits the processes of generative AI tools to proliferate itself and initiate its harmful actions.

As described by the inventors, the worm slips malicious prompts into inputs that, when digested by a GenAI model, results in the duplication of the worm's code. This sophisticated approach empowers the worm to spread across connected GenAI platforms without human intervention.

This research is encapsulated in a study called 'ComPromptMized: Unleashing zero-click worms that target GenAI-powered applications.' Since its unveiling, industry professionals have been on high alert for the potential misuse of GenAI by cybercriminals.

With the potential to mimic human writers, these AI tools could empower attackers, regardless of their linguistic skills, to craft deceptive communications effectively. Notably, cybersecurity agency CrowdStrike highlighted in their Global Threat Report that state-affiliated groups and hackers have begun experimenting with GenAI technologies such as ChatGPT.

CrowdStrike forecasts an increased use of GenAI for cybercrime as the technology gains more traction, potentially reshaping the threat landscape in 2024 and beyond.

AI, malware, cybersecurity