SentinelLabs cybersecurity researchers have recently discovered a new infostealer and hacking tool called “Predator AI,” developed using Python. This malicious tool specifically targets cloud services and incorporates artificial intelligence (AI) technology, particularly a ChatGPT-driven class embedded within the Python script.

The integration of the GPTj class introduces a chat-like text-processing interface, enhancing the tool’s functionality without relying heavily on the OpenAI API. With a codebase exceeding 11,000 lines, Predator AI utilizes a Tkinter-based graphical user interface (GUI) and features various classes to manage tasks such as web application security scans and cloud service integration.

Predator AI is predominantly disseminated through Telegram channels associated with hacking communities. Its primary objective is to facilitate web application attacks on widely used technologies, including content management systems like WordPress and cloud email services such as AWS SES.

It’s noteworthy that Predator AI exhibits similarities with other tool sets like AlienFox and Legion cloud spamming tools, repurposing publicly available code for malicious activities.

According to SentinelLabs’ advisory released on Tuesday, Predator AI is actively maintained, receiving updates, including a recent addition of a Twilio account checker. The developers stress that the tool is intended for educational purposes and discourage its illegal use.

SentinelLabs clarified that while Predator AI may be somewhat functional, the integration of the GPTj class does not significantly enhance an attacker’s capabilities. The feature has not yet been promoted on the actor’s Telegram channel, and numerous edge cases could make it unstable and expensive to run.

To mitigate the risks associated with such tools, organizations are advised to maintain up-to-date systems, restrict internet access, and implement cloud security posture management tools. SentinelLabs also recommends the implementation of specialized logging and detection mechanisms to identify unusual activities within cloud service provider (CSP) resources, such as the rapid addition of new user accounts and immediate deletion of existing ones.
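One way to express the last recommendation as detection logic, shown here as an added example that is not SentinelLabs' code: it assumes AWS CloudTrail records for the IAM `CreateUser` and `DeleteUser` events, a 10-minute window chosen for illustration, and constructed sample records.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)       # assumption: tune to your own baseline
ACCT = "arn:aws:iam::111122223333:"  # AWS documentation example account ID

def ev(time, actor, name, target, error=None):
    """Build a constructed record using CloudTrail's field names."""
    rec = {"eventTime": time, "eventSource": "iam.amazonaws.com", "eventName": name,
           "userIdentity": {"arn": ACCT + actor},
           "requestParameters": {"userName": target}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    ev("2023-11-07T02:14:05Z", "user/ops-key", "CreateUser", "svc-backup2"),
    ev("2023-11-07T02:14:40Z", "user/ops-key", "DeleteUser", "alice"),
    ev("2023-11-07T02:15:02Z", "user/ops-key", "DeleteUser", "bob"),
    ev("2023-11-07T09:00:00Z", "user/ci-runner", "CreateUser", "tmp-build"),
    ev("2023-11-07T09:03:00Z", "user/ci-runner", "DeleteUser", "tmp-build"),  # own temp user
    ev("2023-11-07T12:00:00Z", "user/admin", "DeleteUser", "contractor"),     # no create nearby
    ev("2023-11-07T12:01:00Z", "user/intern", "CreateUser", "x", error="AccessDenied"),
]

def find_user_churn(events, window=WINDOW):
    """Flag principals that create an IAM user and delete a pre-existing one within `window`."""
    by_actor = defaultdict(list)
    for e in events:
        if e.get("eventSource") != "iam.amazonaws.com" or e.get("errorCode"):
            continue  # ignore other services and failed calls
        if e.get("eventName") in ("CreateUser", "DeleteUser"):
            when = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            by_actor[e["userIdentity"]["arn"]].append(
                (when, e["eventName"], e["requestParameters"]["userName"]))
    alerts = []
    for actor, acts in sorted(by_actor.items()):
        acts.sort()
        creates = [(t, u) for t, n, u in acts if n == "CreateUser"]
        own = {u for _, u in creates}  # users this principal created in this batch
        # A deletion counts only if the target was not created by the same principal
        # and it falls within `window` of one of that principal's creations.
        deleted = [u for t, n, u in acts if n == "DeleteUser" and u not in own
                   and any(abs(t - tc) <= window for tc, _ in creates)]
        if deleted:
            alerts.append({"actor": actor, "created": sorted(own), "deleted": deleted})
    return alerts

if __name__ == "__main__":
    for alert in find_user_churn(SAMPLE_EVENTS):
        print(alert)
```

Excluding users the principal created itself keeps routine create-then-clean-up automation from alerting, while a new account paired with the removal of existing ones still does.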
