NEW DELHI: Cybersecurity firm CloudSEK has discovered a malware campaign that began in mid-February using the popularity of ChatGPT, a large language model developed by OpenAI, to target Facebook accounts and pages. Within a month, the campaign has affected 13 Facebook accounts or pages with over 500,000 followers, including one Indian page with over 200,000 followers.
Cybercriminals have also targeted YouTube and are using the same tactics to hijack existing accounts.
Explaining the process, CloudSEK researcher Bablu Kumar said that the threat actors behind the campaign take over the Facebook pages and modify the profile information section to make it look like an authentic ChatGPT page. They change the username to “ChatGPT OpenAI” and use the ChatGPT image as the profile picture. Using these compromised accounts, they run Facebook ads promoting the “latest version of ChatGPT, GPT-V4,” which installs stealer malware on the victim’s device when downloaded.
CloudSEK researcher Bablu Kumar found that the threat actors distributed malware via various channels, including Trello boards, Google Drive, and individual websites embedded in Facebook ads. To make the scam more convincing, the ads contain all the necessary information to persuade consumers that they are authentic, including a password.
As of now, nine out of 13 Facebook accounts/pages are still actively distributing malware through Facebook posts and ads, according to CloudSEK. The researchers also shared the link to the compromised Indian Facebook page, which is still showing ChatGPT’s logo and profile name, suggesting that it is neither flagged nor blocked.
The malware in circulation is capable of stealing sensitive information from the user’s device, including personal details, system information, and credit card details. It also has replication capabilities, making it easier to spread across systems via removable media.
Bablu Kumar told The420.in that the hijacked accounts repeatedly used a certain video to keep their audience interested, suggesting that the effort to spread malware through Facebook ads is most likely the work of a specific threat actor or group.
The cybercriminals behind the campaign are from Vietnam, the Philippines, Brazil, Pakistan, and Mexico, according to CloudSEK. Threat actors from Vietnam and the Philippines have the highest incidence of compromised accounts.
CloudSEK advises users interested in OpenAI’s services or ChatGPT to visit the official ChatGPT website or the OpenAI website. They caution against downloading any software that claims to be ChatGPT, as it is an online-based service that does not require software installation. Users should also verify the website’s legitimacy before sharing any personal information, such as mobile numbers, home addresses, or payment details.
- Be cautious of downloading any software or apps from unknown sources, especially if they claim to be ChatGPT. Always download software and apps from official websites or trusted sources.
- Avoid clicking on links or downloading attachments from suspicious emails, social media posts, or ads. Always verify the legitimacy of the source before clicking on any links.
- Keep your anti-virus and anti-malware software updated to protect your devices from known threats.
- Regularly back up your important data to ensure that you can recover it if your device is infected with malware.
- Educate yourself and your employees on cybersecurity best practices, such as avoiding sharing personal information online and being cautious of unknown sources.
- Monitor your social media accounts regularly for any suspicious activity or changes in profile information.
- Report any suspicious activity or links to the social media platform or relevant authorities.
- Consider using multi-factor authentication to add an extra layer of security to your social media accounts and other online accounts.