A series of malware programs are hiding behind ChatGPT.

Nguyen Hieu May 8, 2023 17:11

Facebook's parent company has warned about a series of scams targeting users' curiosity about ChatGPT, which have been rampant recently.

Scams impersonating ChatGPT are flourishing. Photo: Shutterstock.

ChatGPT is currently a hot topic of discussion in the tech world. Cybercriminals are also exploiting this phenomenon to increase their fraudulent activities. Recently, Meta – the parent company of giant social networks like Facebook and Instagram – pointed out a tactic used to exploit ChatGPT to spread malware.

Sophisticated tactics

In their threat intelligence report, Meta's security team stated that they discovered browser extensions and mobile applications claiming to offer AI-powered chat functionality, similar to what users experience when directly accessing the official ChatGPT website.

Security experts found nearly 10 such applications and blocked over 1,000 links containing malware impersonating ChatGPT.

Notably, several web browser extensions impersonating ChatGPT and containing malware have appeared on official web app stores. Malicious actors are also using paid search advertising to market malware. "From a malicious actor's perspective, ChatGPT is the new cryptocurrency," said Guy Rosen, Director of Security at Meta.

Malware impersonating ChatGPT software. Currently, OpenAI only provides this tool directly on their website. Photo: FB.

More sophisticatedly, some malicious tools offer limited functionality of ChatGPT to avoid suspicion, making it harder for the average internet user to detect. Furthermore, ChatGPT isn't the only AI product abused by cybercriminals. Bad actors also target Bard, a similar chatbot provided by Google.

To date, ChatGPT is officially provided by OpenAI solely through its website. They have not released any software, mobile applications, or browser extensions.

A series of warnings

Meta's security report is not the first alarm about cybercriminals using ChatGPT as a front to scam users.

In March,The Hacker NewsReports have emerged about an extension called "Quick Access to ChatGPT" lurking on Google's Chrome Web Store. This fraudulent extension can cause serious damage, such as hijacking business Facebook accounts and using them to run ads.

An extension offering ChatGPT functionality has appeared on the Chrome app store. Image: The Hacker News.

Security expert Nati TalGuardio LabsAnalysis revealed that thousands of fake ChatGPT extensions are installed daily, enabling malicious actors to siphon money from ads pushed by these stolen Facebook accounts.

The Google ecosystem isn't the only place where scams exploiting ChatGPT's name appear. Alex Kleber, a researcher atPrivacy 1stA search on the Mac App Store uncovered an alarming number of applications claiming to offer the ChatGPT utility, with some shady features such as perpetual fees, source code copying, and questionable developer profiles.

In addition, researchers at the cybersecurity companyCheck PointIt also warned that cybercriminals have been using ChatGPT to encrypt malware and write highly persuasive phishing emails to trick users.

An anonymous hacker on a hacker forum detailed how they used ChatGPT to encrypt a line of malware capable of locating target files on a computer, compressing them, and transmitting them to a remote server.

It's difficult to predict all the abuse tactics ChatGPT might employ for criminal activity. For now, to ensure safety, users should only use tools provided by OpenAI through their official website.

Source: Zingnews.vn
Copy Link
0 0 0
x
A series of malware programs are hiding behind ChatGPT.
Google News
POWERED BYFREECMS- A PRODUCT OFNEKO