CloudSEK researchers have discovered a malware campaign started by cybercriminals in mid-February using ChatGPT’s popularity.
Within a month, it has already affected 13 Facebook accounts or pages, with over 500K followers, including one Indian page which had over 2 lakh followers. The team also revealed that the threat actors targeted YouTube and hijacked the existing accounts and they are following the same method for Facebook accounts and pages.
After taking over the Facebook pages, the cybercriminals modify the profile information section to make it look like an authentic ChatGPT page. The threat actors also changed the username “ChatGPT OpenAI” and made the ChatGPT image the profile picture.
Using these compromised accounts, they also ran Facebook ads promoting the “latest version of ChatGPT, GPT- V4”, which, when downloaded, installs stealer malware on the victim’s device.
USING TRELLO, GOOGLE DRIVE
According to the findings, threat actors distributed malware via a variety of channels, including Trello boards, Google Drive and various individual websites embedded in Facebook ads. These ads are made to look authentic and contain all the information required to persuade unwary consumers that they are genuine. To give the scam more legitimacy, a password is included with the download URL.
CloudSEK told News18 that as of today, 9 out of 13 Facebook accounts/pages are still actively distributing malware using Facebook posts and ads.
The researchers also shared the link to the compromised Indian Facebook page and News18 found that it is still showing ChatGPT’s logo and the profile name, which suggested that the page is neither flagged nor blocked.
ON FEB 13
However, as per the findings, the earliest example of such a hijacking occurred on February 13 this year and involved a page with more than 23K followers. Not only that, the researchers also noticed the threat actors have also targeted recently created accounts, some of which were only 0 days old.
The findings also emphasized how the majority of the hijacked accounts repeatedly used a certain video to draw in and keep their audience interested. This trend implies that the effort to spread malware through Facebook ads is most likely the work of a specific threat actor or a group.
STEALING INFO
The malware in circulation is capable of stealing sensitive information from the user’s device, such as personal details, system information, credit card details and so on. It also has replication capabilities, making it easier to spread across systems via removable media.
However, the researchers said that despite the fact that different people from separate countries created the original pages, the majority of the hijacked Facebook accounts were being controlled by cyber criminals from Vietnam, the Philippines, Brazil, Pakistan and Mexico.
Additionally, among these countries, threat actors from Vietnam and the Philippines exhibited the highest incidence of compromised accounts.
CloudSEK told News18 that those who are interested in OpenAI’s services or want to use ChatGPT should visit the official ChatGPT website or the OpenAI website. According to them, as “the ChatGPT is an online-based service, there is no need to download any software on your system. So be cautious of any downloadable software that claims to be ChatGPT”.
Furthermore, it also advised not to disclose any personal information, such as mobile number, home address, or payment details, if the website looks suspicious. As per the researchers, users should verify the website’s legitimacy before sharing any information.
Read all the Latest Tech News here
Comments
0 comment