News Report Technology
May 04, 2023

Meta Security Engineers Discover Malware Posing as ChatGPT to Compromise Accounts

In Brief

Malware poses as generative AI tools like ChatGPT to compromise user accounts, according to security engineers and researchers at Meta.

Meta Security Engineers Discover Malware Posing as ChatGPT to Compromise Accounts

Security engineers and researchers at Meta have found that malware operators are using generative AI tools as their latest ploy to spread malicious software. 

With generative AI being a hot topic, malware campaigns have recently taken advantage of people’s interest in OpenAI’s ChatGPT, using it to lure people into installing malware. Meta security engineers Duc H. Nguyen and Ryan Victory wrote in a blog post that the ultimate goal of these campaigns is to compromise businesses with access to ad accounts across the internet.

Malware operators are targeting various platforms across the internet, including file-sharing services Dropbox, Google Drive, Mega, MediaFire, Discord, Atlassian’s Trello, Microsoft OneDrive, and iCloud to host malware pretending to provide AI functionality. 

Since March 2023, several malware strains have been discovered by researchers that exploit ChatGPT and similar topics to gain access to online accounts. For instance, malicious browser extensions pretending to provide ChatGPT-related features were developed and made available in official web stores by threat actors.

Using social media and sponsored search results, malware operators advertised these malicious browser extensions to deceive users into installing malware. To evade detection by official web stores, some of these extensions even had functional ChatGPT features. 

Meta security engineers said that they had prevented the sharing of over 1,000 ChatGPT-themed malicious links on the company’s platforms and have shared this information with industry peers to take necessary measures.

As with previous malware attacks like Ducktail, the perpetrators behind these new campaigns have had to adjust their strategies quickly in response to blocking and public reporting; they are resorting to methods such as cloaking to evade detection from automated ad review systems and utilizing popular marketing tools, such as link-shorteners, to conceal the true purpose of their links. 

They are also changing their tactics by focusing on other popular themes like Google’s Bard and TikTok marketing support. Some of these campaigns have shifted their focus to smaller platforms, such as Buy Me a Coffee, as a way to disseminate and distribute malicious content after larger platforms had taken action against them.

With the ongoing hype surrounding generative AI, users should be wary of unsolicited links or downloads, particularly ChatGPT-related applications that may appear on browser web stores or sidebars.

Read more:

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Cindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via [email protected] with press pitches, announcements and interview opportunities.

More articles
Cindy Tan
Cindy Tan

Cindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via [email protected] with press pitches, announcements and interview opportunities.

Hot Stories

Missed Bitcoin’s Rise? Here’s What You Should Know

by Victoria d'Este
December 20, 2024
Join Our Newsletter.
Latest News

From Ripple to The Big Green DAO: How Cryptocurrency Projects Contribute to Charity

Let's explore initiatives harnessing the potential of digital currencies for charitable causes.

Know More

AlphaFold 3, Med-Gemini, and others: The Way AI Transforms Healthcare in 2024

AI manifests in various ways in healthcare, from uncovering new genetic correlations to empowering robotic surgical systems ...

Know More
Read More
Read more
Transak Increases Accessibility To Memecoins By Listing 11 New Tokens
Markets News Report Technology
Transak Increases Accessibility To Memecoins By Listing 11 New Tokens
December 20, 2024
Missed Bitcoin’s Rise? Here’s What You Should Know
Opinion Business Markets Technology
Missed Bitcoin’s Rise? Here’s What You Should Know
December 20, 2024
The Explosive Rise of Crypto Theft in 2024 with North Korea Leading the Charge
Opinion Business Markets Software Technology
The Explosive Rise of Crypto Theft in 2024 with North Korea Leading the Charge
December 20, 2024
Multiple Network Unveils Brand Upgrade, Focusing On Privacy Protection And Data Acceleration 
News Report Technology
Multiple Network Unveils Brand Upgrade, Focusing On Privacy Protection And Data Acceleration 
December 20, 2024