May 14, 2025
SNC Team
Protecting Users: Meta Uncovers Malware Exploiting Interest in ChatGPT
In a recent report, Meta, the parent company of Facebook, has raised concerns about the emergence of malware campaigns taking advantage of public fascination with ChatGPT, an AI-powered chatbot. These cybercriminals employ deceptive tactics, similar to cryptocurrency scams, to entice users to download malicious applications and browser extensions. Meta has identified approximately 10 malware families and over 1,000 harmful links masquerading as tools associated with ChatGPT since March 2023.
Malware Targeting Business Accounts:
The malware strains discovered by Meta, such as DuckTail and NodeStealer, have been actively compromising business accounts across various platforms, including social media. DuckTail, for instance, is designed to steal browser cookies and hijack Facebook sessions, enabling threat actors to access victims' account information, including location data and two-factor authentication codes. By gaining control over Facebook business accounts, hackers seek unauthorized access to Facebook ad accounts.
Countermeasures and Disruptions:
Meta has responded proactively to these threats, issuing cease-and-desist letters to the individuals involved and informing law enforcement agencies. It has also implemented new security features to safeguard Facebook business accounts. Among these enhancements is a support tool that guides users step by step through identifying and removing malware. Additionally, Meta has introduced controls that allow business account owners to manage, audit, and restrict account administrator privileges. Soon, Facebook at-Work accounts will be launched, allowing a business account to be operated without a personal account.
Notable Malware Strains:
One prominent malware strain, DuckTail, has been targeting victims using AI-themed lures. In response to Meta's countermeasures, DuckTail operators have adjusted their tactics, granting business admin permissions to requests for ad-related actions sent by the attackers, in order to expedite their operations before being blocked. Another malware strain, NodeStealer, targets Windows-based browsers, stealing cookies and login details in order to compromise Facebook, Gmail, and Microsoft Outlook accounts. Meta successfully detected and disrupted NodeStealer, working closely with domain registrars and hosting providers to eliminate the threat.
Meta's Security Preparedness:
Acknowledging the potential for abuse associated with generative AI technologies like ChatGPT, Meta is proactively strengthening its defenses. The company's Chief Information Security Officer, Guy Rosen, emphasized the significance of ChatGPT as a potential tool for bad actors, drawing parallels with the rise of cryptocurrency scams. Meta is preparing to address various waves of abuse linked to generative AI technologies.
As the popularity of AI-powered tools like ChatGPT continues to grow, users need to remain cautious and vigilant against emerging cybersecurity threats. Meta's efforts to combat malware campaigns exploiting public interest in ChatGPT demonstrate its commitment to protecting users and maintaining a secure online environment. By raising awareness, implementing security measures, and constantly monitoring emerging risks, Meta aims to mitigate the impact of such malicious activities.




















































