Some people are concerned that chatbots with generative AI, like ChatGPT, could one day be used to create malware. The more immediate issue is that, now that ChatGPT is popular, scammers are using fake ChatGPT sites and apps to steal personal data from their victims.
On Wednesday, researchers at Facebook parent company Meta warned that malicious groups – including Ducktail and NodeStealer – are now posing as ChatGPT and similar tools. They target people through malicious browser extensions, ads, and various social media platforms, with the aim of running unauthorized ads from compromised business accounts across the Internet.
Meta has said that it has detected and stopped these malware operations, including previously unknown malware families. It also says it has seen adversaries adapt quickly in response.
“That’s why our security teams tackle malware – one of the most persistent threats online – as part of our defense-in-depth approach through multiple efforts at once,” Meta’s Duc H. Nguyen and Ryan Victory noted in a blog post on Wednesday.
Meta’s research has found that since March, around 10 malware families have been using ChatGPT and similar themes to compromise online accounts.
Nguyen and Victory added that in one instance, threat actors created malicious browser extensions, available in official web stores, that claimed to offer ChatGPT-based software. They then used sponsored search engine results and social media to promote these extensions and trick people into downloading the malware. “In fact, these extensions were bundled with working ChatGPT features alongside the malware. This was likely done to avoid suspicion by official web stores.”
Meta states that it has blocked more than 1,000 malicious ChatGPT-themed URLs from being shared across its platforms, and has shared the blocked URLs with industry partners.
TechCrunch reports that the Vietnam-based Ducktail malware operation has been targeting Facebook users since 2021. Now it is spoofing ChatGPT in order to steal browser cookies and hijack logged-in Facebook sessions, gaining access to information on the victim’s Facebook account such as account details, location, and two-factor authentication codes.
NodeStealer
In January, researchers at Facebook discovered NodeStealer, an information-stealing malware. It allows hackers to use stolen browser cookies to gain access to accounts on social media, Gmail, or Outlook.
“We identified NodeStealer early – within two weeks of it being deployed – and took action to disrupt it and help people who may have been targeted to recover their accounts,” Nguyen and Victory explained. “As part of our efforts, we sent takedown requests for third-party hosting services, application providers and registrars such as Namecheap that were being targeted by threat actors in order to facilitate malicious activities and distribution. This led to the successful destruction of malware.”
Meta researchers say they have not seen any new malware samples in the NodeStealer family since February 27 this year, but they continue to monitor for potential future activity.
Generative AI Threat
BlackFog’s researchers had previously warned that ChatGPT could be exploited to develop malicious code. Now they are monitoring how this generative AI is being used as a social media lure.
BlackFog founder and CEO Darren Williams said in an email that the company has demonstrated how ChatGPT and other generative AI can be used effectively for data extraction, even if the actual software is written to achieve this.
Williams continued, “This technology is now used to build entire websites or phishing sites with the intention of stealing login credentials and infecting devices with malware.”
He added that ChatGPT technology is likely to increase cyber threats, which means cybersecurity efforts must keep pace with this rapidly emerging technology.
Williams said that traditional defensive approaches such as EDR and antivirus software have proven ineffective when it comes to modern ransomware.
Users will need to stay vigilant so that they do not fall victim to spoofing.
Williams added, “The best way to guarantee your data’s protection is to invest in newer technologies that prevent exfiltration of data from the start.” He continued, “If the attacker is unable to exfiltrate information, they will have no advantage over their victim.”