AI technology is not only changing the way we work or communicate, but also the methods used by hackers and cybercriminals. A new AI worm called Morris II is now on the loose, making strides in the realm of cyber threat. Morris II is an advanced malware that specifically targets popular Generative AI (GenAI) tools and email assistants like Gemini Pro and ChatGPT 4.0.
These findings come from recent research carried out collectively by researchers from Cornell Tech, Intuit, and the Israel Institute of Technology. Unlike traditional computer worms that require user actions for propagation, Morris II leverages the automatic inference capabilities of GenAI services, thus classifying it as a ‘zero-click’ malware.
Take aways:
- Morris II: The First of Its Kind
Morris II, in its essence, is an adversarial self-replicating worm, able to embed malicious prompts into inputs. When these inputs are processed by GenAI models, the prompt triggers the model to replicate the input as output and engage in malicious activity. This makes Morris II the first worm of its kind to target GenAI applications using self-replicating prompts. - Targets and Tactics
The worm targets AI-powered applications, more specifically, emailing assistants leveraging models like Gemini Pro and ChatGPT 4.0. Morris II capitalizes on prompt-injection vulnerabilities, spreading and exfiltrating sensitive data, including credit card numbers and social security details. - A Wake-Up Call
The emergence of Morris II serves as a wake-up call for the GenAI industry. It highlights the very real and present threats that GenAI systems face, urging companies and developers to fortify security measures and plug vulnerabilities that could be potential gateways for such attacks.
Researchers have already disclosed their findings to Google and OpenAI, fostering a collaborative effort towards mitigating such AI-targeted threats. This incident underlines the importance of secure architecture in the GenAI ecosystem and goes beyond just Google or OpenAI’s responsibilities.
References:
- ComPromptMized: Unleashing Zero-click Worms – A comprehensive paper introducing Morris II and understanding its threat potential.
- AI Worm Infects Users via AI-Enabled Email Clients – A detailed study regarding the Morris II worm and its attack methodology.