Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts

The Hacker News posted a short article about an interesting takedown carried out by Meta. The original article can be found here. Here is that short article:

Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI’s ChatGPT as a lure to propagate about 10 malware families since March 2023.

The development comes against the backdrop of fake ChatGPT web browser extensions being increasingly used to steal users’ Facebook account credentials with an aim to run unauthorized ads from hijacked business accounts.

“Threat actors create malicious browser extensions available in official web stores that claim to offer ChatGPT-based tools,” Meta said. “They would then promote these malicious extensions on social media and through sponsored search results to trick people into downloading malware.”

The social media giant said it has blocked several iterations of a multi-pronged malware campaign dubbed Ducktail over the years, adding it issued a cease and desist letter to individuals behind the operation who are located in Vietnam.

Trend Micro, in a series of tweets last week, detailed an information stealer that’s disguised as a Windows desktop client for ChatGPT to extract passwords, session cookies, and history from Chromium-powered browsers. The company said the malware shares similarities with Ducktail.

Besides ChatGPT, threat actors have also been observed shifting to other “hot-button issues and popular topics” like Google Bard, TikTok marketing tools, pirated software and movies, and Windows utilities to dupe people into clicking on bogus links.

“These changes are likely an attempt by threat actors to ensure that any one service has only limited visibility into the entire operation,” Guy Rosen, chief information security officer at Meta, said.
