(CTN NEWS) – Generative AI tools like ChatGPT have been used to produce harmful code in the past, but hackers are now also exploiting their growing popularity as a lure to distribute malware.
This week, Facebook’s parent company Meta released its most recent technical analysis of persistent malware campaigns and threat research.
ChatGPT-Themed Malware Targeting Users
According to the report, eight malware families were found, including DuckTail and NodeStealer, that posed as ChatGPT and other generative AI applications and targeted users through malicious browser extensions, advertisements, and various social media platforms.
Their goal is to distribute unauthorized advertisements online using hacked business accounts.
According to Meta security engineers Duc H. Nguyen and Ryan Victory, “in one instance, we’ve seen threat actors create malicious browser extensions available in official web stores that claim to offer ChatGPT-based tools.”
Then, in order to trick people into downloading malware, they would advertise these malicious extensions on social media and through sponsored search results.
In addition to previously unknown malware families, Meta claimed to have found and stopped several malicious operations and to have already witnessed quick adversarial adaptation in response.
According to TechCrunch, DuckTail originated in Vietnam and has been targeting Facebook users since 2021.
To steal a victim’s data, including account information, location information, and two-factor authentication codes, the malware grabs browser cookies and hijacks logged-in sessions.
Any Facebook Business account the victim can access may also be taken over.
NodeStealer was identified by Facebook in January.
It aims to attack Facebook, Gmail, and Outlook accounts by harvesting cookies and usernames and passwords from Windows internet browsers.
It also comes from Vietnam and is distributed by threat actors there.
According to Meta, it quickly stopped NodeStealer by submitting takedown requests to the third-party registrars, hosting companies, and application services, such as Namecheap, that the malware had targeted to spread more easily.
The social media behemoth reported that although it continues to watch for any potential future activity, it has not seen any fresh copies of malware from the NodeStealer family since February 27 of this year.
Cybercriminals are quick to capitalise on the newest trends and popular services to spread malware. Previous examples include Cyberpunk 2077, Roblox, and MSI Afterburner.
However, this is the first time we’ve encountered a lure that can also write malicious code.