Meta, the parent company of Facebook, has recently warned that cybercriminals are taking advantage of people’s interest in ChatGPT, a type of generative AI application, to spread malicious programs that are made to appear as if they provide AI functionality. Since March, the company has identified around ten malware families that use AI-related themes to clandestinely access business accounts across the internet, including those on social media sites.
The malicious programs involved are DuckTail and NodeStealer, both of which have been traced back to Vietnam-based hackers. The DuckTail malware is equipped to swipe browser cookies and hijack Facebook accounts with the end goal of retrieving user data and two-factor authentication codes. By hijacking the business accounts, the perpetrators gain access to Facebook’s advertising system.
Despite the company’s round-the-clock battle to prevent stolen sessions, the attackers have been evasive, frequently granting admin permission to requests for activities associated with ads. NodeStealer has been developed to take control of Windows browsers and extract cookies as well as stored login details such as usernames and passwords. The company has already taken active steps to shut down victims’ accounts and submitted takedown requests to relevant domain registrars and hosting providers.
To help those whose accounts may have been compromised and to discourage future hackers, Meta has introduced new security measures. These include the launch of support and controls to manage, audit, and limit admin accounts and at-work accounts. The company also released a step-by-step guide to help detect and remove malware.
Meta is constantly monitoring activity to detect and eliminate malicious software and actors. Therefore, people should stay vigilant, especially given the increasing popularity of AI applications.