Meta Tackles Malware Posing as ChatGPT in Persistent Campaigns

Facebook’s parent company, Meta, has recently taken down persistent malware campaigns targeting various Internet companies.

Among the malware families that were detected and disrupted by the tech giant were Ducktail and the newly identified NodeStealer, which have targeted people via browser extensions, ads and malicious social media platforms with the aim of serving ads unauthorized from compromised business accounts.

Read more about Ducktail here: Ducktail Hacker Group Evolves, Targets Business Facebook Accounts

“In its latest iteration, Ducktail operators, likely in response to our 24/7 detection that ended stolen sessions, began automatically granting enterprise admin permissions to related action requests with ads sent by attackers as an attempt to speed up their operations before we block them,” Meta wrote in a report published Wednesday.

“However, our ongoing detection and mitigations provide businesses with protections against these latest adaptations.”

Regarding NodeStealer, Duc H. Nguyena and Ryan Victory said Meta researchers discovered the malware in January. It reportedly targeted Windows Internet browsers to steal cookies and saved usernames and passwords to eventually compromise Facebook, Gmail, and Outlook accounts.

“NodeStealer is custom-written in JavaScript and includes the Node.js environment. We assessed that the malware was of Vietnamese origin and distributed by threat actors from Vietnam.”

In the new report, security researchers also highlighted the emergence of new malware that impersonates ChatGPT and other similar tools.

“Since March 2023 alone, we have found about ten malware families that use ChatGPT and other similar themes to compromise accounts on the Internet,” Nguyena and Victory wrote.

“In one case, we’ve seen threat actors create malicious browser extensions available on official web stores that claim to offer tools based on ChatGPT. They would then promote these malicious extensions on social media and through sponsored search results trick people into downloading malware.”

However, malware experts said Meta’s multifaceted approach to addressing malware threats has been successful in recent efforts, including detecting and disrupting campaigns involving ChatGPT spoofing.

The latest Meta report comes weeks after Group-IB published a warning outlining a Facebook impersonation scheme that relies on more than 3,000 fake profiles.

Source link
Ikaroa team is proud to present Meta, a groundbreaking new cybersecurity solution designed to tackle malicious malware posing as ChatGPT in persistent campaigns. In the modern threat landscape, these threats have become a pressing and complicated problem requiring advanced solutions.

Meta uses advanced technology and machine learning to detect and protect against malicious ChatGPT campaigns and any other type of malicious code. The smart analysis engine allows Meta to identify any and all malicious code lurking behind the ChatGPT code and alert the user of potential malicious activity. Additionally, the application provides protection against phishing, ransomware, and data theft, all delivered in an easy-to-understand way.

Meta also offers real-time analytics and reporting capabilities, allowing users to view how their website or system is performing at any moment. This provides organizations with the ability to quickly provide feedback to their customers when suspicious activity is identified. With Meta, users can also create detailed reports of any website security incidences, providing a comprehensive view of the threat landscape to make informed and effective decisions.

At Ikaroa, we take security seriously and are proud to provide Meta to the world. We are committed to providing our customers with the most up-to-date cutting edge security solutions so they can rest assured their system is safe and secure. With Meta, users can enjoy peace of mind knowing that they are protected against malicious malware and ChatGPT campaigns.


Leave a Reply

Your email address will not be published. Required fields are marked *