Express Computer

Facebook malware campaign exploiting ChatGPT’s popularity: CloudSEK investigation


CloudSEK researchers have exposed nefarious tactics employed by threat actors to hijack Facebook accounts and misuse the popularity of ChatGPT to spread malware.

The findings show that ChatGPT, the popular language model developed by OpenAI, is being used as a lure by these actors to attract users and trick them into downloading malware onto their devices.

Threat actors are using previously compromised data, phishing techniques, and stealer logs to infiltrate existing Facebook accounts and pages. Compromised accounts and pages are being used to distribute malware through various channels, such as Trello boards, Google Drive, and individual websites embedded in Facebook ads.

A password accompanies the download link to lend further credibility to the scam. Compromised accounts can also result in the theft of personally identifiable information (PII) and sensitive details such as payment information.

Infection chain – compromised Facebook accounts spreading malware

CloudSEK’s investigation has revealed the presence of 13 Facebook pages/accounts, totaling over 500K followers, that have been compromised and are being used to disseminate the malware via Facebook ads.

The oldest instance of such a hijacking identified by CloudSEK's researchers dates back to 13 February 2023 and pertains to a page with over 23K followers.

“Cybercriminals are capitalizing on the popularity of ChatGPT, exploiting Facebook’s vast user base by compromising legitimate Facebook accounts to distribute malware via Facebook ads, putting users’ security at risk. Our investigation has uncovered 13 compromised pages with over 500K followers, some of which have been hijacked since February 2023. We urge users to be vigilant and aware of such malicious activities on the platform,” said Bablu Kumar, Cyber Intelligence Analyst, CloudSEK.

The research paper also highlights the repeated use of a specific video to attract and engage the audience across the majority of the compromised accounts. This pattern suggests that the campaign of deploying malware via Facebook ads is most likely the work of a single distinct group of threat actors or an individual threat actor.

CloudSEK’s investigation has uncovered at least 25 websites engaging in the nefarious practice of impersonating the OpenAI.com website. These malicious sites are duping individuals into downloading and installing harmful software, posing a severe risk to their security and privacy.

The majority of the compromised accounts were being controlled by Vietnamese actors. Semrush, SMIT, Evoto, and OBS Studio are a few of the other websites targeted in the same manner.

“The malicious malware is not only capable of stealing sensitive information such as PII, system information, and credit card details from the user’s device, but also has replication capabilities to spread across systems through removable media. With the ability to escalate privileges and persistently remain on the system, it poses a significant threat. Its malicious nature is evident from being flagged by 9 out of 61 security vendors on VirusTotal,” said Bablu Kumar, Cyber Intelligence Analyst, CloudSEK.

The report also provides details of the threat actors and the Trello cards used by them to disseminate malware. CloudSEK’s findings are a testament to the growing threat landscape and highlight the need for individuals and organizations to remain vigilant and take proactive measures to protect their systems and networks.
