Meta warns users about malware disguised as ChatGPT

Meta has reportedly uncovered around ten new malware variants that leverage AI chatbot tools, such as OpenAI's widely used ChatGPT, to gain access to user accounts.   

According to Meta's Q1 security report, malware operators and spammers are strategically targeting popular topics and trends to capture the attention of unsuspecting individuals. Meta has identified a pressing issue regarding the proliferation of malicious web browser extensions that seem to provide ChatGPT functionality. Chrome or Firefox users can download these extensions to access AI chatbot functionality. 
 
Several of these extensions have been found to effectively deliver the promised chatbot functionalities. The extensions, however, have been found to have malware that can infiltrate a user's device.  

Meta has found over 1,000 distinct URLs that allegedly distribute malware under the guise of ChatGPT or other AI-related tools. The social media firm has taken measures to prevent these URLs from being shared on Facebook, Instagram, and Whatsapp. 

Malware downloads can lead to swift and ongoing attacks by malicious actors who are constantly refining their tactics to evade security measures.   

“Over the past several months, we’ve investigated and taken action against malware strains taking advantage of people’s interest in OpenAI’s ChatGPT to trick them into installing malware pretending to provide AI functionality,” Meta writes in the report.  

Meta's security engineers have also discovered that several malware strains, including Ducktail and NodeStealer, have been concealed within ChatGPT browser plugins and productivity tools. The engineers have traced the origin of these malicious programs to individuals in Vietnam and other locations. The Social Network has announced that it has informed other online platforms hosting the malware, as well as law enforcement authorities.  

Meta Chief Security Officer Guy Rosen in a call with reporters has said that the scammers behind these exploits are taking advantage of the surge in interest in Generative AI. “As an industry we've seen this across other topics that are popular in their time such as crypto scams fueled by the immense interest in digital currency,” Rosen said. “So from a bad actor’s perspective, ChatGPT is the new crypto.”   

Meta has introduced a new support flow to assist businesses that have been hijacked or shut down on Facebook in regaining access and resolving the issue. Facebook business pages are often vulnerable to hacking due to the targeting of malware toward individual users with access to them.  

Meta has also announced the launch of new Meta work accounts that enable the use of single sign-on (SSO) credential services from organisations that do not require a personal Facebook account. This move is expected to enhance security measures for users.   

Meta’s researchers aren’t the first to warn about fake ChatGPT tools leading to hacked accounts. Bleeping Computer reported in February 2022, that a number of Facebook accounts have been hacked due to a Chrome extension disguised as ChatGPT software. Researchers have also issued a warning regarding this incident.   

Cybersecurity experts at Check Point have also issued a warning in January 2023 that cybercriminals are utilising ChatGPT to develop malware and craft highly persuasive phishing emails aimed at tricking users.