Infostealers have breached over 101,000 ChatGPT accounts on infected devices over the past year. This is according to a recent report by Group-IB that shows the Raccoon cyber gang was responsible for a large portion of the stolen accounts. Though the group responsible for developing Raccoon has seen some degradation, the group’s infostealing malware still persists on the dark web.
Infostealers are a type of malware that steals data collected from internet browsers, including login details, credit card details, browsing history, cookies, and information from instant messengers and emails. Infostealers can also gather detailed information about the victim’s device.
The researchers found that the Asia-Pacific region had the highest number of ChatGPT accounts stolen. India accounted for the largest number of stolen accounts, with Pakistan, Brazil, Vietnam, Egypt, the United States, France, Morocco, Indonesia, and Bangladesh rounding out the list.
According to Group-IB’s researchers, 78,348 of the stolen ChatGPT accounts were breached by the Raccoon infostealer. Vidar and RedLine accounted for 12,984 and 6,773 stolen accounts, respectively.
ChatGPT accounts have gained significant popularity in underground communities, which poses a major risk to enterprises. Many enterprises are using ChatGPT in their operations, and some employees use the chatbot to access classified information or optimize proprietary code, creating a trove of sensitive intelligence.
The Raccoon infostealer was so named because it was installed on systems but not detected and removed. Others can exploit systems where it is already installed, including by taking over the Raccoon command-and-control servers, domains, or IP addresses. The malware can remain undetected indefinitely, giving hackers access to the system until the victim detects and removes it.
Tools such as Raccoon continue to thrive, even after being blocked by more security-conscious organizations. ChatGPT is still in its wild west phase, with rapid, mass adoption by users outside normal IT security channels. Until users start taking security measures into account when adopting this technology, we will continue to see these issues around security, privacy, and intellectual property.
Despite a member of the Raccoon cyber gang being indicted by a grand jury in the United States in late 2022, the group still persists with its malware, including its V2, RecordBreaker.
It appears that the Raccoon malware has not gone away, and its creators either continue to operate or someone has taken up the reins. Until measures are put in place, we will continue to see the hacking of thousands of users due to the mass, uncontrolled adoption of ChatGPT.