Cybersecurity experts have issued a warning to over 100,000 ChatGPT users, as they could be at risk of fraud, scams, and cyberattacks due to info-stealing malware. Cybercriminals have hacked into the login details of 101,134 ChatGPT users between June 2022 and May 2023. The cybersecurity firm, Group-IB, discovered this alarming data from malware logs shared on dark web marketplaces. These attacks were mostly from the Asia-Pacific region, with India suffering the most attacks in the past 12 months. Pakistan, Brazil, and the US were also among the top three countries affected by these attacks.
The Raccoon info-stealing malware program was the most commonly used by hackers, with Redline: accounting for 7,000 compromised accounts, and Vidar for 13,000 cases. These programs collect credentials saved in browsers, bank card details, cookies, cryptocurrency wallets, and browsing history. Afterward, the stolen information is sent to the scheme operator, who then sells this data to other hackers.
In addition to ChatGPT, instant messengers and emails have also become more common targets for info stealers. ChatGPT typically saves all conversations, which could offer a trove of sensitive intelligence if threat actors get their hands on account credentials. To prevent this, Group-IB advises users to change their passwords regularly and use security features such as two-factor authentication.
People may not realize that their ChatGPT accounts hold sensitive information sought after by cybercriminals. ESET Global Cyber Security Advisor, Jake Moore, advises users to take precautions, as their account stores all input requests by default and can be viewed by those with access to the account. Moreover, info stealers are becoming more prominent in ChatGPT compromises and are even used in malware-as-a-service attacks.
In conclusion, it is important to be vigilant when using ChatGPT and take necessary precautions such as changing passwords regularly and using security features such as two-factor authentication. Be aware that your ChatGPT account stores sensitive information that cybercriminals look for. Always stay up-to-date with cybersecurity news, as these attackers are always looking for new ways to compromise your security.
