Beware! Posing as ‘ChatGPT’, Cybercriminals Run FB Malware Campaign, Use Service Only on Official Site​

CloudSEK researchers have found a malware marketing campaign began by cybercriminals in mid-February utilizing ChatGPT’s reputation.

Within a month, it has already affected 13 Facebook accounts or pages, with over 500K followers, together with one Indian web page which had over 2 lakh followers. The crew additionally revealed that the risk actors focused YouTube and hijacked the prevailing accounts and they’re following the identical methodology for Facebook accounts and pages.

After taking on the Facebook pages, the cybercriminals modify the profile info part to make it appear like an genuine ChatGPT web page. The risk actors additionally modified the username “ChatGPT OpenAI” and made the ChatGPT image the profile picture.

Using these compromised accounts, they also ran Facebook ads promoting the “latest version of ChatGPT, GPT- V4″, which, when downloaded, installs stealer malware on the victim’s device.

USING TRELLO, GOOGLE DRIVE

According to the findings, threat actors distributed malware via a variety of channels, including Trello boards, Google Drive and various individual websites embedded in Facebook ads. These ads are made to look authentic and contain all the information required to persuade unwary consumers that they are genuine. To give the scam more legitimacy, a password is included with the download URL.

CloudSEK told News18 that as of today, 9 out of 13 Facebook accounts/pages are still actively distributing malware using Facebook posts and ads.

The researchers also shared the link to the compromised Indian Facebook page and News18 found that it is still showing ChatGPT’s logo and the profile name, which suggested that the page is neither flagged nor blocked.

ON FEB 13

However, as per the findings, the earliest example of such a hijacking occurred on February 13 this year and involved a page with more than 23K followers. Not only that, the researchers also noticed the threat actors have also targeted recently created accounts, some of which were only 0 days old.

The findings also emphasized how the majority of the hijacked accounts repeatedly used a certain video to draw in and keep their audience interested. This trend implies that the effort to spread malware through Facebook ads is most likely the work of a specific threat actor or a group.

STEALING INFO

The malware in circulation is capable of stealing sensitive information from the user’s device, such as personal details, system information, credit card details and so on. It also has replication capabilities, making it easier to spread across systems via removable media.

However, the researchers said that despite the fact that different people from separate countries created the original pages, the majority of the hijacked Facebook accounts were being controlled by cyber criminals from Vietnam, the Philippines, Brazil, Pakistan and Mexico.

Additionally, among these countries, threat actors from Vietnam and the Philippines exhibited the highest incidence of compromised accounts.

CloudSEK told News18 that those who are interested in OpenAI’s services or want to use ChatGPT should visit the official ChatGPT website or the OpenAI website. According to them, as “the ChatGPT is an online-based service, there is no need to download any software on your system. So be cautious of any downloadable software that claims to be ChatGPT”.

Furthermore, it additionally suggested to not disclose any private info, comparable to cellular quantity, dwelling tackle, or fee particulars, if the web site seems to be suspicious. As per the researchers, customers ought to confirm the web site’s legitimacy earlier than sharing any info.​

Read all of the Latest Tech News right here