There are increasing concerns that generative AI chatbots, such as ChatGPT, could be used to write malware. However, the more immediate problem is that scammers are exploiting ChatGPT's proliferation as a lure to acquire information from unsuspecting victims. On Wednesday, researchers at Facebook’s parent company, Meta, reported that malicious entities including NodeStealer and Ducktail have been posing as ChatGPT and similar tools, using malicious browser extensions, ads, and social media platforms to run unauthorized ads from compromised business accounts.
Meta has acted to disrupt the malware activity, identifying and disabling ten malware families that use ChatGPT and similar themes to compromise accounts. In one incident, a malicious browser extension that claimed to supply ChatGPT-based tools was discovered in an official web store. The extension was then widely promoted on various social media platforms and through sponsored search results to trick people into downloading the malware. It was designed to keep suspicion at bay by presenting authentic ChatGPT features alongside the malware.
Since March, Meta has blocked more than 1,000 ChatGPT-themed malicious URLs from being shared on its platforms and has shared these URLs with other industry partners. TechCrunch also reported earlier that the Vietnam-based Ducktail group has been actively targeting Facebook since 2021, stealing browser cookies and hijacking logged-in accounts to amass personal account information, location data, and two-factor authentication codes. Similarly, NodeStealer has been used against Facebook, Gmail, and Outlook accounts. Meta has alerted people to the threat in a blog post and has also submitted takedown requests to third-party registrars, hosting providers, and application services.
BlackFog, a cybersecurity firm, attested to the efficacy of ChatGPT and its ability to generate code for malicious operations. The firm reassured the public that it is keeping strict tabs on the chatbot’s increasing popularity and illicit applications. It is necessary to remain vigilant and to invest in the newest defense technologies to protect data from exfiltration, as traditional antivirus and other security measures have not proven effective against the most recent ransomware variants. It is also critical for both companies and individuals to be aware of spoofing campaigns in order to protect their data from malicious actors.