chatgbt malware

Researchers recently investigated and uncovered alarming information regarding 13 Facebook pages and accounts.

The threat actors have compromised these pages and profiles, and the most shocking thing about these pages and accounts, they have more than 500k active followers.

The threat actors exploited these compromised pages/accounts with the help of ChatGPT to spread malware using Facebook ads, putting the safety and security of the followers at risk.

Channels Used

Threat actors use various channels to distribute malware from these compromised accounts and pages. And here below we have mentioned those channels or mediums:-

  • Trello boards
  • Google Drive
  • Several individual websites

A number of elements are designed in such a way that will make the ads appear legitimate. These elements include all the information that is required to convince an unsuspecting individual.

A password and the download link are included to lend credibility to the scam. It should also be noted that compromised accounts are also capable of stealing sensitive confidential information as well.

Infection Chain

With remarkable speed, the malware has been spread through several Facebook pages with high followers and compromised.

To create the appearance of an authentic ChatGPT page, the threat actors alter the profile information of a Facebook account or page after compromising it.

Using “ChatGPT OpenAI” as the username, and displaying the official ChatGPT image as the profile picture of the chat client, will allow this to take place.

Now the threat actors behind this malicious scheme utilize the compromised accounts to advertise the “latest version of ChatGPT, GPT-V4” through Facebook ads.

These ads offer unsuspecting victims a seemingly innocent download link. However, upon downloading, the victims unknowingly unleash the malware stealer onto their devices.

There are persistent mechanisms included in the malware that allow it to persist on the system for as long as possible and gain more control over it.

CloudSEK researchers have discovered and reported to Cyber Security News, that the oldest instance of a hijacking of this type, occurred on a page with more than 23k followers.

In addition, new accounts were targeted, some of which had been created only a few days earlier. Although the compromised Facebook accounts originated from a variety of nationalities, the majority were managed by individuals from the following countries:-

  • Vietnam,
  • The Philippines
  • Brazil
  • Pakistan
  • Mexico

There has been a significant increase in compromised accounts detected among threat actors from Vietnam and the Philippines as compared to the others.

Apart from this, it has been observed that a particular video was repeatedly used on most compromised accounts to attract and engage users. This pattern indicates a distinct group or individual is behind the campaign of deploying malware via Facebook ads.

Compromised Facebook Accounts

Here below we have mentioned all the compromised Facebook accounts that the security analysts analyze:-

  • https[:]//www[:]facebook[:]com/chatsopenai/: 23,527 followers
  • https[:]//www[:]facebook[:]com/chat.openais/: 37,307 followers
  • https[:]//www[:]facebook[:]com/openaischat/: 11,680 followers
  • https[:]//www[:]facebook[:]com/ChatGPT4/: 33,084 followers
  • https[:]//www[:]facebook[:]com/chatgptai4.0/: 18,703 followers
  • https[:]//www[:]facebook[:]com/tiktokUSS: 123000 followers
  • https[:]//www[:]facebook[:]com/chatgptdotcom/: 18,468 followers
  • https[:]//www[:]facebook[:]com/buyurcars: 26000 followers
  • https[:]//www[:]facebook[:]com/ChatOpen-AI-419029688653893/: 28,204 followers
  • https[:]//www[:]facebook[:]com/KnockingNews/: 214,170 followers
  • https[:]//www[:]facebook[:]com/profile.php?id=100083053914779: 73 followers
  • https[:]//www[:]facebook[:]com/profile.php?id=100090989901546: 0 followers (New Account)
  • https[:]//www[:]facebook[:]com/profile.php?id=100090478546947: 0 followers (New Account)

Approximately 25 websites have been identified impersonating the OpenAI website in a nefarious attempt to take advantage of victims.

That’s why cybersecurity researchers have strongly recommended that users remain vigilant and not open suspicious links.

Building Your Malware Defense Strategy – Download Free E-Book

Also Read:

ChatGPT Successfully Built Malware But Failed To Analyze The Complex Malware

6 Best Free Malware Analysis Tools to Break Down the Malware Samples – 2023

Risks of Sharing Sensitive Corporate data into ChatGPT

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.