Meta (formerly known as Facebook) has stated that it had discovered malware creators who are taking advantage of the public's interest in ChatGPT and using this interest to entice users for downloading harmful applications and browser extensions. The company has compared the phenomenon to cryptocurrency scams, as both tactics are being exploited by people's curiosity and trust to gain access to sensitive information.
The company said that they have found around 10 malware families which are posing as ChatGPT and have similar tools to compromise accounts across the internet.
In the Q3 2023 security report, Meta writes: "Over the past several months, we've investigated and taken action against malware strains taking advantage of people's interest in OpenAI's ChatGPT to trick them into installing malware pretending to provide AI functionality."
It added further: "We've detected and blocked over 1,000 of these unique malicious URLs from being shared on our apps, and reported them to our industry peers at file-sharing services where malware was hosted so they, too, can take appropriate action.”
Also, Meta mentioned that as soon as a user downloads malware, malicious actors can launch an attack and are continually updating their methods to bypass security protocols.
The tech giant stated that the industry's efforts are forcing threat actors to rapidly evolve their tactics in attempts to evade detection and enable persistence.
Meta said: "One way they do this is by spreading across as many platforms as they can to protect against enforcement by any one service. For example, we've seen malware families leveraging services like ours and LinkedIn, browsers like Chrome, Edge, Brave and Firefox, link shorteners, file-hosting services like Dropbox and Mega, and more.”
When they get caught, they mix in more services, including smaller ones that help them disguise the ultimate destination of links.=
Adding further, the company took on action against nine separate adversarial networks around the world for engaging in covert influence operations and cyber espionage.
Inputs from IANS