In brief: We've heard about generative AIs like ChatGPT being used to create malicious code before, but hackers are utilizing them to spread malware in a different way: by using their newfound popularity as a lure.
Facebook parent Meta published its latest threat research and technical analysis into persistent malware campaigns this week. The report warns that it discovered ten malware families, including DuckTail and NodeStealer, posing as ChatGPT and another generative AI tools, targeting people through malicious browser extensions, ads, and various social media platforms. Their aim is to run unauthorized ads from compromised business accounts across the internet.
"In one case, we've seen threat actors create malicious browser extensions available in official web stores that claim to offer ChatGPT-based tools," said Meta security engineers Duc H. Nguyen and Ryan Victory. "They would then promote these malicious extensions on social media and through sponsored search results to trick people into downloading malware."
Meta said it detected and disrupted these malware operations, including previously unreported malware families, and has already seen rapid adversarial adaptation in response.
TechCrunch writes that DuckTail originated in Vietnam and has targeted Facebook users since 2021. The malware steals browser cookies and hijacks logged-in sessions to steal a victim's data, including account information, location data and two-factor authentication codes. It can also hijack any Facebook business account the victim has access to.
NodeStealer was identified by Facebook in January. It targets internet browsers on Windows with the goal of stealing cookies and saved usernames and passwords to ultimately compromise Facebook, Gmail, and Outlook accounts. It also originates from Vietnam and is distributed by threat actors from the country.
Meta says it quickly took action to disrupt NodeStealer, including submitting takedown requests to third-party registrars, hosting providers, and application services such as Namecheap, which were targeted by the malware to facilitate distribution.
The social media giant said it has not observed any new samples of malware from the NodeStealer family since February 27 of this year, though it continues to monitor for any future activity.
Cybercriminals are quick to jump on the latest trends and popular services as a way of spreading malware. Previous examples include MSI Afterburner, Roblox, and even Cyberpunk 2077. But this is the first time we've seen something that can also write malicious code used as a lure.
https://www.techspot.com/news/98563-fake-chatgpt-services-used-lures-spread-malware-facebook.html
This comes as a surprise. 
