Informatics, Technology, and Cyber Security


Friday, 16 June 2023

Top 10 Programming Languages, Python and Artificial Intelligence (AI)


In previous months it was too early to tell what impact the artificial intelligence boom might have on the TIOBE Programming Community Index, but the impact is clear in June. The updated index page of top programming languages looks similar to past rankings; Python sits at the top of the list. However, TIOBE Software CEO Paul Jansen observed that developers should keep an eye on how AI tools might continue to have a major impact on which programming languages are most well known.

2023 TIOBE Index: Top 10 programming languages

This month’s top 10 list of programming languages, generated with TIOBE’s points system and based on search engine information from around the world, is:

  1. Python
  2. C
  3. C++
  4. Java
  5. C#
  6. Visual Basic
  7. JavaScript
  8. PHP
  9. SQL
  10. Assembly language

Notable changes to this month’s index

  • Python has dropped to a yearly share of 13%, down from an all-time high of 17%.
  • Java fell to fourth place, and C++ rose to third.
  • Two new languages entered the top 50 this month: X++ and Raku. X++ is the language used to create business management and accounting systems in Microsoft Dynamics. Raku is a general-purpose programming language that spun out of Perl.

AI could shake up the world of programming languages

“Will Python remain number 1? This depends, I think, mainly on the popularity of AI,” Jansen wrote on the TIOBE Index site.

Python has remained popular for a long time; it started to climb the index in 2017, ended last year at a high of 17% and began to dip again to 13% in 2023.

“If tools such as ChatGPT remain the talk of the day, it will [attract] newcomers, and then Python is definitely here to stay. If not, Python should fear for its first position,” Jansen wrote.

OpenAI’s ChatGPT was written primarily in Python. ChatGPT can be used to write code in several languages — although not always with 100% accuracy.

What is the TIOBE Programming Community Index?

The TIOBE Programming Community Index is a leaderboard of programming languages ranked by TIOBE’s points system for the popularity of each language. The index is updated once a month. Ratings are determined by the community of engineers, courses and third-party vendors. Popular search engines such as Google, Bing, Yahoo, Wikipedia, Amazon, YouTube and Baidu are also used to calculate the ratings. TIOBE notes that the index does not measure “the best” programming language or the language in which most lines of code have been written. Rather, it is a measure of general popularity and awareness.

TIOBE positions its index as a good tool for checking whether a professional programmer’s skills are still up to date or for making a strategic decision about what programming language one should adopt when building a new software system.

Saturday, 20 May 2023

Be Careful While Looking for AI

Don't Install RedLine While Looking for AI


 

Looking for AI

 

While You Are Looking for AI, Watch Out for RedLine Malware

Malicious Google Search ads for generative AI services like OpenAI ChatGPT and Midjourney are being used to direct users to sketchy websites as part of a BATLOADER campaign designed to deliver RedLine Stealer malware.

"Both AI services are extremely popular but lack first-party standalone apps (i.e., users interface with ChatGPT via their web interface while Midjourney uses Discord)," eSentire said in an analysis.

"This vacuum has been exploited by threat actors looking to drive AI app-seekers to imposter web pages promoting fake apps."

BATLOADER is a loader malware that's propagated via drive-by downloads where users searching for certain keywords on search engines are displayed bogus ads that, when clicked, redirect them to rogue landing pages hosting malware.

The installer file, per eSentire, is rigged with an executable file (ChatGPT.exe or midjourney.exe) and a PowerShell script (Chat.ps1 or Chat-Ready.ps1) that downloads and loads RedLine Stealer from a remote server.

Once the installation is complete, the binary makes use of Microsoft Edge WebView2 to load chat.openai[.]com or www.midjourney[.]com – the legitimate ChatGPT and Midjourney URLs – in a pop-up window so as to not raise any red flags.
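One way to hunt for the chain described above, as an added example that is not from the article or from eSentire. The file names are the ones reported above; the event records, hosts, paths and severity labels are constructed for illustration, with fields modelled on Sysmon process-creation events.

```python
import ntpath
import re
from collections import defaultdict

# File names reported in the article; everything else below is constructed.
LURE_BINARIES = {"chatgpt.exe", "midjourney.exe"}
LURE_SCRIPT = re.compile(r"(?<![\w-])chat(?:-ready)?\.ps1(?![\w.])", re.I)
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Constructed process-creation events (not real telemetry).
EVENTS = [
    {"host": "WS-01", "image": r"C:\Program Files\ChatGPT\ChatGPT.exe",
     "cmd": r'"C:\Program Files\ChatGPT\ChatGPT.exe"', "parent": r"C:\Windows\explorer.exe"},
    {"host": "WS-01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r'powershell.exe -File "C:\Program Files\ChatGPT\Chat-Ready.ps1"',
     "parent": r"C:\Windows\explorer.exe"},
    {"host": "WS-01",
     "image": r"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\msedgewebview2.exe",
     "cmd": "msedgewebview2.exe", "parent": r"C:\Program Files\ChatGPT\ChatGPT.exe"},
    {"host": "WS-02",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -File C:\Scripts\Chatter.ps1", "parent": r"C:\Windows\explorer.exe"},
    {"host": "WS-03", "image": r"C:\Users\bob\Downloads\midjourney.exe",
     "cmd": "midjourney.exe", "parent": r"C:\Windows\explorer.exe"},
]

def triage(events):
    """Return {host: (severity, sorted signal names)} for hosts with any hit."""
    signals = defaultdict(set)
    for ev in events:
        name = ntpath.basename(ev["image"]).lower()
        parent = ntpath.basename(ev["parent"]).lower()
        # ChatGPT and Midjourney ship no first-party desktop app, so the name alone is odd.
        if name in LURE_BINARIES:
            signals[ev["host"]].add("lure_binary")
        # The PowerShell script is the stage that fetches the stealer.
        if name in POWERSHELL and LURE_SCRIPT.search(ev["cmd"]):
            signals[ev["host"]].add("lure_script")
        # WebView2 spawned by the lure binary is the decoy window showing the real site.
        if name == "msedgewebview2.exe" and parent in LURE_BINARIES:
            signals[ev["host"]].add("webview_decoy")
    return {h: ("high" if "lure_script" in s else "medium", sorted(s))
            for h, s in signals.items()}
```

File names are easily changed, so a hit is a triage lead to confirm against the download source and the script's content rather than a verdict.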


The adversary's use of ChatGPT and Midjourney-themed lures to serve malicious ads and ultimately drop the RedLine Stealer malware was also highlighted last week by Trend Micro.


This is not the first time the operators behind BATLOADER have capitalized on the AI craze to distribute malware. In March 2023, eSentire detailed a similar set of attacks that leveraged ChatGPT lures to deploy Vidar Stealer and Ursnif.

The cybersecurity company further pointed out the abuse of Google Search ads has fallen off from their early 2023 peak, suggesting that the tech giant is taking active steps to curtail its exploitation.

The development aligns with a broader wave of phishing and scam campaigns, wherein threat actors are attempting to cash in on the surging use of these AI tools to distribute malware and other bogus apps.

Security vendor Sophos, in related research, outlined a set of ChatGPT-related fleeceware apps in the Google Play and Apple App Store, collectively dubbed FleeceGPT, that coerce users into signing up for unwanted subscriptions.

"Because fleeceware applications are designed to stay on the edge of Apple and Google terms of service and do not access private information or attempt to circumvent platform security, they are rarely rejected during review and are allowed into the app stores," Sophos researchers Jagadeesh Chandraiah and Sean Gallagher said.

In recent weeks, both Meta and Palo Alto Networks Unit 42 have warned of increasing fraudulent activity mimicking the ChatGPT service to harvest users' credit card details, perpetrate credit card fraud, and copycat chatbot browser extensions that steal victims' Facebook account details.

From November 2022 through early April 2023, Unit 42 said it detected a 910% increase in monthly registrations for domains related to ChatGPT.

The findings come weeks after Securonix uncovered a phishing campaign dubbed OCX#HARVESTER that targeted the cryptocurrency sector between December 2022 and March 2023 with More_eggs (aka Golden Chickens), a JavaScript downloader that's used to serve additional payloads.

Thursday, 27 April 2023

Giving Secure Online Examinations, Quizzes in the World of Artificial Intelligence and Chat BOTs

 To prevent cheating in online exams, it would be useful to first review how students cheat.

The following are some common ways of cheating in online exams:

  • Unreasonable or unlimited exam duration: Not setting a proper exam duration (start, end, and exam duration settings) can be a problem. Even where start and end times are defined, as in some institutions, an excessively long exam time or an exam that lasts from morning until evening is an invitation and even encouragement to cheat. In addition, the rights of other students who take the same or similar courses are also violated. The solution is to define a realistic and fair exam duration, just like in face-to-face exams, without forgetting the concepts of justice and fairness.
  • Communication groups: Students set up communication groups to instantly share the answers to questions they have solved. This can only be countered with random questions or questions that are diversified with different values.
  • Sending exam questions to online sites and receiving the answers of the questions by sending them back. This type of cheating can only be solved by sequential questions and preventing the viewing and returning of the question. Also, a fair and reasonable exam duration setting is necessary.
  • Opening a new tab/window or browser next to the internet browser page during the exam and searching for the solutions of the questions on electronic environments on the internet or sending emails to previously agreed persons to solve the question. This possibility can be prevented by setting the exam system's internet browser to kiosk mode through the Secure Browser setting.
  • Same questions and answers for everyone. In this case, sharing the questions and answer choices directly through communication groups is possible. The solution is to have random questions and answer choices for each student.
  • Unlimited Examination Entrance: One or more students who do not expect anything from the course, drop the course, or know for sure that they will fail, entering the exam first and sharing the questions one by one in groups, creating a copy question and answer pool, and then all other students entering the system and marking only the questions and their relevant correct answers. This possibility of cheating can be reduced by limiting the entry time to the exam.
  • Use of open artificial intelligence programs/applications that are available to everyone online or in the form of an application.

After summarizing the most common cheating methods in online exams, the following techniques can be used to minimize these possibilities:

  • The priority is to create a well-planned question pool entirely composed of new questions that are different every year and every term. 
  • In this context, one of the things to do is to create a question pool for each section separately, which is quite diverse, even classified according to difficulty levels, and which produces different results by giving different numerical values to the same difficulty and question set to create an exam pool. Thus, even if similar questions come to students who know each other, communicate, or even sit next to each other, the results will be different because the numerical values of the numbers will be different. Even if they come as similar questions from random questions, at least copying in the first stage will be prevented because the numerical values will be different.
  • It is essential to set questions as random and as a single question on each page.
  • One of the things to be done is to make sure that the start, end, and duration settings of the exam are made, and the student finishes the exam at the end of the specified time for solving the questions. Once the time settings mentioned are made, the remaining time on the system will be displayed continuously, and the exam will be automatically saved and closed at the end of the time. 
  • One of the ways to prevent cheating, especially in online exams, is to ensure that the questions appear sequentially, not free, one after the other, and only forward, and to prevent going back to previous questions. That is, it is to prevent students from copying the questions, sharing them with someone else, or finding the correct answers somewhere, and then returning to answer them. 
  • Another way is to ensure that the questions and answer options are selected randomly during the exam. Thus, the possibility of similar or the same questions coming to close students who know each other, form a group or communicate is reduced, preventing copying. 
  • Preventing students from opening another application in the background during the exam is another way to prevent cheating. This method, which can be used as a way to prevent students from searching for solutions to questions in another environment by connecting to the internet, is to take the exam in a Secure/Protected Browser mode. That is, the browser that is opened will be in kiosk mode and cover the entire screen, allowing the student to use only the question screen, preventing another browser or tab from being opened. 
  • Ensuring that students enter the exam only in the allowed time at the beginning of the examination, in the first 10 or 15 minutes, depending on the situation, and preventing them from entering the exam in the following minutes is a way to prevent cheating. Thus, as soon as the exam starts, all students will enter the exam, and their time will begin.
  • Another method is to use some special software: have students sign the online course registration requirements and rules at the beginning of the term, and install software on their PC/tablet/smartphone that does not allow other connections and background applications during exams. However, there may be cost and hesitation both at the institutional and student level.
  • During the exam, monitoring and controlling the student and their surroundings through multiple cameras is another way of supervision. However, this method will require multiple supervisors to control multiple cameras during the exam, leading to institutional and student-level costs and concerns (such as monitoring personal environments).
  • To prevent the use of open-access artificial intelligence programs online or through applications, questions should be prepared in image format rather than direct text format. Here, questions should be presented as an image with only the question text in text format or even the entire question in image format, with other necessary information provided in a suitable manner for solving the question. This may not be possible for every question, in which case the question should be created using complex watermark patterns or other designs and must be submitted in image format. As current artificial intelligence applications still use version 3.0 or 3.5, they cannot yet accept image or voice inputs. However, in the future, with version 4.0 or 5.0, using different designs in the background (like CAPTCHA) for image-format questions and submitting questions to the system in this way should be considered as a way to minimize cheating.

    Finally, it may not be possible to apply all of these methods simultaneously, but combining appropriate ones will be the most intelligent approach.
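A sketch of three of the measures above (different numerical values per student, random answer order, and a limited entry window), as an added example that is not part of the original post. The question template, the key, the function names and the 15-minute window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import random
from datetime import datetime, timedelta

EXAM_KEY = b"constructed-demo-key"     # assumption: secret held only by the exam server
ENTRY_WINDOW = timedelta(minutes=15)   # "first 10 or 15 minutes" from the list above

def _rng(student_id, question_id):
    """Per-student, per-question random stream that the server can re-derive."""
    mac = hmac.new(EXAM_KEY, f"{student_id}|{question_id}".encode(), hashlib.sha256)
    return random.Random(int.from_bytes(mac.digest(), "big"))

def build_variant(student_id, question_id="q1"):
    """Same template for everyone, but different numbers and option order."""
    rng = _rng(student_id, question_id)
    rate = rng.choice([5, 10, 20, 25])           # MB/s
    seconds = rng.randint(12, 60)                # the correct answer
    wrong = [seconds + d for d in rng.sample([-9, -6, -4, -2, 2, 4, 6, 9], 3)]
    options = wrong + [seconds]
    rng.shuffle(options)
    text = f"A link moves {rate} MB/s. How many seconds does a {rate * seconds} MB file take?"
    return {"text": text, "options": options, "answer_index": options.index(seconds)}

def student_view(student_id, question_id="q1"):
    """What is sent to the browser: it never includes the answer index."""
    v = build_variant(student_id, question_id)
    return {"text": v["text"], "options": v["options"]}

def grade(student_id, chosen_index, question_id="q1"):
    """Re-derive the variant on the server instead of trusting client state."""
    return chosen_index == build_variant(student_id, question_id)["answer_index"]

def may_enter(exam_start, now):
    """Admit students only during the entry window after the start time."""
    return exam_start <= now <= exam_start + ENTRY_WINDOW
```

Because each variant is derived from the student and question identifiers, an answer shared in a communication group ("option B") is only correct for another student by chance.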