Facebook’s parent company Meta has issued a warning that hackers are taking advantage of people’s interest in ChatGP and other generative AI apps to trick them into installing malware that aims to provide AI functionality.
Since March, Meta has discovered about 10 malware families that use AI themes to compromise business accounts on the Internet, including business social media accounts, and has blocked more than 1,000 unique malicious URLs with ChatGPT themes because be shared on their platforms.
“Over the past few months, we’ve been investigating and taking action against strains of malware taking advantage of people’s interest in OpenAI’s ChatGPT to trick them into installing malware that purports to provide AI functionality,” he said. say Meta in a block.
Meta detected strains of malware such as DuckTail and NodeStealer in ChatGPT browser plugins and productivity tools, attributed to hackers based in Vietnam.
DuckTail steals browser cookies
One of the strains of malware it has Increasingly targeting victims with AI-themed decoys is DuckTail. DuckTail steals browser cookies and hijacks Facebook sessions to retrieve victim account information, such as location data and two-factor authentication codes. Threat actors use the malware strain to hijack Facebook business accounts that the victim has access to, in order to gain access to Facebook ad accounts.
“In its latest iteration, DuckTail operators, likely in response to our 24/7 detection that ended stolen sessions, began automatically granting enterprise admin permissions to related action requests with ads sent by attackers as an attempt to speed up their operations before we block them,” Meta said.
DuckTail is known to target various platforms, including LinkedIn, using social engineering techniques to trick people into downloading malware. The variety of malware, once downloaded, can access user information through browsers such as Google Chrome, Microsoft Edge, Brave and Firefox. It uses file sharing and hosting services like Dropbox and Mega to host malware.
Meta has issued cease and desist letters to the people behind the operation and notified law enforcement.
NodeStealer targets Windows browsers
In January, Meta discovered that the Nodestealer malware variety was targeting Windows-based browsers with the goal of stealing cookies and saving login details such as usernames and passwords to compromise user accounts. Victims’ Facebook, Gmail and Microsoft Outlook.
“NodeStealer is custom-written in JavaScript and includes the Node.js environment. We assessed that the malware was Vietnamese in origin and distributed by threat actors from Vietnam,” Meta said.
Meta identified Nodestealer within two weeks of its implementation and took steps to disrupt it and help users who may have been targeted recover their accounts. The company also filed takedown requests with domain registrars and hosting providers, which the threat actors directed to facilitate the distribution of the malware.
“These actions resulted in a successful disruption of the malware. We have not observed any new samples of malware in the NodeStealer family since February 27 of this year and continue to monitor any potential future activity,” Meta said.
New security feature for business accounts
In response to new strains of malware that specifically target Facebook business accounts, the company also rolled out new account security features.
The company introduced a new support tool that guides users step-by-step in identifying and removing malware. There are also new controls for business accounts to help them manage, audit, and limit who can become an account administrator.
The company will also launch Facebook at-Work accounts, through which a business account can be operated without the need for a personal account. It is likely to be released later this year.
Copyright © 2023 IDG Communications, Inc.
Source link
Recent reports uncovering a malicious plot to lure computer users with unauthorized ChatGPT apps have left many wondering what action they should take. Meta’s research team have been quick to comment on the matter and are warning those who use ChatGPT potential vulnerabilities in these apps.
What is ChatGPT? It is an artificial intelligence technology which enables contextual chats with virtual agents. It is used to provide automated customer support, create smarter bots, and develop automated customer relations.
Meta’s research team has unearthed a “malware disguised as ChatGPT apps” which is used to exploit unsuspecting users. The bogus app poses as a ChatGPT service and entices victims with the promise of free rewards. Once infected, users are urged to complete surveys and tasks, though all efforts result in nothing. Worse still, their personal data is exposed in the process.
Meta recommends avoiding downloading “official-looking ChatGPT apps” which are not reviewed by the Google Play Store or Apple App Store. Cybersecurity experts also advise users to always use a secure connection whenever downloading applications, and to update their operating system and security programs to ensure they are secure against the latest threats.
At Ikaroa, our team of experts are dedicated to providing secure applications and services to our users. Our skilled professionals have the technical capabilities to detect and identify malicious software, and we stay abreast of the latest advancements in source code security to ensure we can respond to any cyber threats as quickly as possible. We are committed to offering our customers complete peace of mind when it comes to their digital security.
