Chatbots Used For Malware
Meta has Reported an Increase in Malware using ChatGPT
Hackers are using the popularity of generative AI chatbots like ChatGPT to spread malware. They create malware that pretends to be a chatbot to trick users into downloading it. This is a common tactic used by hackers to make their malicious software look legitimate and increase the chances of users downloading it. Once the malware is installed on the user’s device, it can steal sensitive information or cause other types of damage.
Meta, the parent company of Facebook, has released a report warning of an increase in malware attacks that use these ChatGPT-themed lures. They are spread across Facebook, Instagram, and WhatsApp.
In total, Meta’s security teams have discovered 10 different malware families since March 2023 that use them to deliver malicious software to users’ devices. One example is the DuckTail malware. This has been targeting Facebook users since 2021. Stealing browser cookies and hijacking logged-in Facebook sessions, to take information from the victim’s Facebook account. The malware also allows the attacker access to any Facebook Business account the victim has access to.
Additionally, Meta has attributed the distribution of DuckTail to threat actors in Vietnam. They have taken action against them in the past by issuing ‘cease-and-desist’ letters and notifying law enforcement. Meta has also discovered a new malware called NodeStealer, which targets Windows-based browsers to steal login details of Facebook, Gmail, and Microsoft Outlook accounts.
To help business users better fend off malware attacks, Meta has added new features, including support tools. They also plan to launch ‘Facebook at Work’ accounts later this year, which will allow business users to log in and operate Business Manager without requiring a personal account. Thus, helping prevent attacks that begin with a compromised personal account.
To protect themselves from these types of attacks, users should be cautious when downloading software. Avoid clicking on links or downloading attachments from unknown or suspicious sources. It is also important to keep anti-virus and anti-malware software up-to-date to prevent attacks.