Cyber Security

Hackers Exploiting ChatGPT’s Popularity to Spread Malware via Hacked FB Accounts

Published

on

Researchers recently conducted an investigation and uncovered alarming information regarding 13 Facebook pages and accounts.

These pages and profiles have been compromised by the threat actors, and the most shocking thing about these pages and accounts, they have more than 500k active followers.

These compromised pages/accounts were exploited by the threat actors with the help of ChatGPT to spread malware using Facebook ads, putting the safety and security of the followers at risk.

Channels Used

Various channels are being used by threat actors to distribute malware from these compromised accounts and pages. And here below we have mentioned those channels or mediums:-

A number of elements are designed in such a way that will make the ads appear legitimate. These elements include all the information that is required to convince an unsuspecting individual.

In order to lend further credibility to the scam, a password is included along with the download link. It should also be noted that compromised accounts are also capable of stealing sensitive confidential information as well.

Infection Chain

With remarkable speed, the malware has been spread through several Facebook pages that are high in followers and have been compromised.

In order to create the appearance of an authentic ChatGPT page, the threat actors alter the profile information of a Facebook account or page after compromising it.

Using “ChatGPT OpenAI” as the username, and displaying the official ChatGPT image as the profile picture of the chat client, will allow this to take place.

Now the threat actors behind this malicious scheme utilize the compromised accounts to advertise the “latest version of ChatGPT, GPT-V4” through Facebook ads.

These ads offer unsuspecting victims a seemingly innocent download link. However, upon downloading, the victims unknowingly unleash the malware stealer onto their devices.

There are persistent mechanisms included in the malware that allow it to persist on the system for as long as possible and gain more control over it.

CloudSEK researchers have discovered and reported to Cyber Security News, that the oldest instance of a hijacking of this type, occurred on a page with more than 23k followers.

In addition, new accounts were targeted, some of which had been created only a few days earlier. Although the compromised Facebook accounts originated from a variety of nationalities, the majority were managed by individuals from the following countries:-

  • Vietnam,
  • The Philippines
  • Brazil
  • Pakistan
  • Mexico

There has been a significant increase in compromised accounts detected among threat actors from Vietnam and the Philippines as compared to the others.

Apart from this, it has been observed that on most compromised accounts, a particular video was repeatedly used to attract and engage users. This pattern indicates a distinct group or individual is behind the campaign of deploying malware via Facebook ads.

Compromised Facebook Accounts

Here below we have mentioned all the compromised Facebook accounts that are analyzed by the security analysts:-

  • https[:]//www[:]facebook[:]com/chatsopenai/: 23,527 followers
  • https[:]//www[:]facebook[:]com/chat.openais/: 37,307 followers
  • https[:]//www[:]facebook[:]com/openaischat/: 11,680 followers
  • https[:]//www[:]facebook[:]com/ChatGPT4/: 33,084 followers
  • https[:]//www[:]facebook[:]com/chatgptai4.0/: 18,703 followers
  • https[:]//www[:]facebook[:]com/tiktokUSS: 123000 followers
  • https[:]//www[:]facebook[:]com/chatgptdotcom/: 18,468 followers
  • https[:]//www[:]facebook[:]com/buyurcars: 26000 followers
  • https[:]//www[:]facebook[:]com/ChatOpen-AI-419029688653893/: 28,204 followers
  • https[:]//www[:]facebook[:]com/KnockingNews/: 214,170 followers
  • https[:]//www[:]facebook[:]com/profile.php?id=100083053914779: 73 followers
  • https[:]//www[:]facebook[:]com/profile.php?id=100090989901546: 0 followers (New Account)
  • https[:]//www[:]facebook[:]com/profile.php?id=100090478546947: 0 followers (New Account)

Approximately 25 websites have been identified that have been impersonating the OpenAI website in a nefarious attempt to take advantage of victims.

That’s why cybersecurity researchers have strongly recommended users remain vigilant and not open any suspicious links.

Source: https://cybersecuritynews.com/hackers-exploiting-chatgpts-popularity-to-spread-malware/

Click to comment
Exit mobile version