News Report Technology
May 04, 2023

Meta Security Engineers Discover Malware Posing as ChatGPT to Compromise Accounts

In Brief

Malware poses as generative AI tools like ChatGPT to compromise user accounts, according to security engineers and researchers at Meta.

Meta Security Engineers Discover Malware Posing as ChatGPT to Compromise Accounts

Security engineers and researchers at Meta have found that malware operators are using generative AI tools as their latest ploy to spread malicious software. 

With generative AI being a hot topic, malware campaigns have recently taken advantage of people’s interest in OpenAI’s ChatGPT, using it to lure people into installing malware. Meta security engineers Duc H. Nguyen and Ryan Victory wrote in a blog post that the ultimate goal of these campaigns is to compromise businesses with access to ad accounts across the internet.

Malware operators are targeting various platforms across the internet, including file-sharing services Dropbox, Google Drive, Mega, MediaFire, Discord, Atlassian’s Trello, Microsoft OneDrive, and iCloud to host malware pretending to provide AI functionality. 

Since March 2023, several malware strains have been discovered by researchers that exploit ChatGPT and similar topics to gain access to online accounts. For instance, malicious browser extensions pretending to provide ChatGPT-related features were developed and made available in official web stores by threat actors.

Using social media and sponsored search results, malware operators advertised these malicious browser extensions to deceive users into installing malware. To evade detection by official web stores, some of these extensions even had functional ChatGPT features. 

Meta security engineers said that they had prevented the sharing of over 1,000 ChatGPT-themed malicious links on the company’s platforms and have shared this information with industry peers to take necessary measures.

As with previous malware attacks like Ducktail, the perpetrators behind these new campaigns have had to adjust their strategies quickly in response to blocking and public reporting; they are resorting to methods such as cloaking to evade detection from automated ad review systems and utilizing popular marketing tools, such as link-shorteners, to conceal the true purpose of their links. 

They are also changing their tactics by focusing on other popular themes like Google’s Bard and TikTok marketing support. Some of these campaigns have shifted their focus to smaller platforms, such as Buy Me a Coffee, as a way to disseminate and distribute malicious content after larger platforms had taken action against them.

With the ongoing hype surrounding generative AI, users should be wary of unsolicited links or downloads, particularly ChatGPT-related applications that may appear on browser web stores or sidebars.

Read more:

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Cindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via cindy@mpost.io with press pitches, announcements and interview opportunities.

More articles
Cindy Tan
Cindy Tan

Cindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via cindy@mpost.io with press pitches, announcements and interview opportunities.

Hot Stories

Top Investment Projects of the Week 25-29.03

by Viktoriia Palchik
March 29, 2024
Join Our Newsletter.
Latest News

Custom HTML

by Valentin Zamarin
August 08, 2024

Top Investment Projects of the Week 25-29.03

by Viktoriia Palchik
March 29, 2024

Supply and Demand Zones

Cryptocurrency, like any other currency, is a financial instrument based on the fundamental economic principles of supply ...

Know More

Top 10 Crypto Wallets in 2024

With the current fast-growing crypto market, the significance of reliable and secure wallet solutions cannot be emphasized ...

Know More
Read More
Read more
Custom HTML
News Report
Custom HTML
August 8, 2024
Modular Blockchain Sophon Raises $10M Funding from Paper Ventures and Maven11 Amid Veil of Mystery
Business News Report
Modular Blockchain Sophon Raises $10M Funding from Paper Ventures and Maven11 Amid Veil of Mystery
March 29, 2024
Arbitrum Foundation Announces Third Phase Of Grants Program, Opens Applications From April 15th
News Report Technology
Arbitrum Foundation Announces Third Phase Of Grants Program, Opens Applications From April 15th
March 29, 2024
Top Investment Projects of the Week 25-29.03
Digest Technology
Top Investment Projects of the Week 25-29.03
March 29, 2024