Malicious actors exploit generative AI popularity
In a threat alert, Meta revealed that malicious actors are taking advantage of the rising popularity of generative artificial intelligence (AI), particularly ChatGPT, to carry out their activities. Meta says it has discovered ten new strains of malware, including Ducktail and NodeStealer, some of which have been disguised as ChatGPT browser extensions.
According to Meta, the company has terminated over 1,000 connections to malware masquerading as ChatGPT extensions and apps. These malware families, such as Ducktail, NodeStealer, and other similar tools, target users through a variety of methods, including the distribution of malicious browser extensions, the deployment of deceptive adverts, and the exploitation of social media platforms. The primary goal of these programs is to steal account credentials and take control of compromised corporate accounts in order to run illicit internet advertising campaigns.
One approach used by threat actors is to create malicious browser extensions and distribute them through legitimate online shops. These extensions, which fraudulently claim to provide ChatGPT-based functionality, are advertised via social media and paid search results. This misleading method tricks people into unintentionally downloading malware. Some of these extensions even provide actual ChatGPT capabilities to avoid raising suspicions.
Meta has proved effective in identifying and interrupting malware operations, exposing previously undiscovered malware families. However, the perpetrators of these attacks have adapted quickly, shifting their initial targeting elsewhere on the internet.
Ducktail, for example, uses social engineering tactics on networks such as LinkedIn to trick people into downloading malware. It also attempts to gain illegal access to users’ information via major browsers such as Google Chrome, Microsoft Edge, Brave, and Firefox. Furthermore, file-hosting services such as Dropbox and Mega are used as malware hosting sites.
The sources for this piece include an article in InfoSecurityMagazine.