close
close

Security researcher proves that GENAI instruments can develop chrome infostealers

Security researcher proves that GENAI instruments can develop chrome infostealers

An information researcher on Cato Networks cyber threat has discovered a new technique to use the most popular big language models (LLMS) to encode the information that steals information.

For his first annual threat report, the Cato Cato (CATL) cyber threats research has asked one of his threat information researchers, Vitaly Simonovich, to carry on his own Jailbreak llm attack.

While Simonovici had no experience of coding previous malware, he has successfully fooled the popular generative (GENA) tools, including Deepseek’s R1 and V3, Microsoft Crrămot and Openai’s Chatgpt-4o, in development development. malware that can steal the login credentials from the Google Chrome 133 version.

Creation of chrome infostealer with “global” jailbreak jailbreak

Simonovici has developed a new method of jailbreaking using narrative engineering to bypass LLM security controls. Cato Ctrl called this method “the immersive world”.

First of all, he created a detailed fictional world in which each Genai instrument has played roles, with clear rules, tasks and challenges.

In this environment, called Velora, malware development is considered a legitimate activity.

The scenario involved three characters:

  • Dax, an opponent
  • Jaxon, the best malware developer in Velora
  • Kaia, security researcher

Simonovici also configured a controlled test environment using Google Chrome password manager in the Chrome 133 and populated with false credentials.

Through this narrative engineering, the researcher bypassed the security controls and effectively normalized the restricted operations. Finally, he managed to convince all four GENAI tools tested to write chrome infostealers.

While the CATO CTRL team said he would not reveal the completely used code for experience, he shared fragments of the prompts that Simonovich used.

Read more: All you need to know about infostealers

Deepseek, Google, Microsoft and Openai contacted

Cato networks addressed Deepseek, Microsoft and Openai to reveal their findings. Although Microsoft and Openai acknowledged the information, no additional answer was provided. However, Deepseek failed to answer altogether.

In addition, Cato Networks contacted Google and offered to share the Chrome infoster code, but the technological giant refused, opting not to review the code.

The results are available in 2025 CATO CTRL threat reportpublished on March 18.