At least 100,000 infected devices have leaked ChatGPT credentials to the dark web. Cybersecurity firm Group-IB has tracked various infostealer malware families that collect information about a target machine, including browser histories, documents, and even account credentials. Hackers profit from exploiting the data themselves or reselling it on online marketplaces, which regularly traffic in logs containing victims’ account credentials for popular applications.
From June 2022 through last month, Group-IB tracked ChatGPT accounts exposed in for-sale logs, counting 101,134 in total. The infamous Russian-designed tool, Raccoon, was overwhelmingly responsible for these leaks. The Raccoon operation briefly shut down early last year after the death of its creator, but came back three months later and has since been responsible for at least 78,348 devices leaking ChatGPT credentials.
Apart from Raccoon, the researchers tracked 12,984 GPT-laden logs attributed to Vidar and 6,773 to Redline. Fewer than 5,000 infected devices were traced to North America, while a plurality originated in the Asia-Pacific region, with India (12,632) and Pakistan (9,217) contributing the most. Other countries that accounted for many exposed ChatGPT credentials included Brazil (6,531), Vietnam (4,771), and Egypt (4,558).
Since ChatGPT was made available to the public last December, the researchers have tracked an increasing trend in Dark Web stealer logs containing compromised accounts. They tracked 2,766 such stealer logs in the first month, surpassing 11,000 the following month and doubling two months after that. By May, the figure had risen to 26,802.
Infostealers can pose a greater threat than more outwardly destructive malware like ransomware because they can be harder to detect, according to Mike Parkin, senior technical engineer at Vulcan Cyber. Depending on the strain of information stealer, hackers can be gathering everything from application and Web credentials to personal information, stored files, and system configurations. Organizations that have these malware infections in their environment could face having intellectual property, company financials, and pretty much any other data that lands on infected systems exposed, Parkin said.
As long as infostealers go unnoticed, ChatGPT credentials will be the least of concerns. The real question, Parkin asked, is what kind of data isn’t being leaked by these kinds of malware?