Meta warns about malicious ChatGPT imposters
San Francisco: Meta (formerly Facebook) has said that it had discovered malware creators who are taking advantage of the public's interest in ChatGPT and using this interest to entice users into downloading harmful applications and browser extensions.
Meta has compared this phenomenon to cryptocurrency scams, as both tactics exploit people's curiosity and trust to gain access to sensitive information.
The company said they have found around 10 malware families posing as ChatGPT and similar tools to compromise accounts across the internet.
"Over the past several months, we've investigated and taken action against malware strains taking advantage of people's interest in OpenAI's ChatGPT to trick them into installing malware pretending to provide AI functionality," Meta writes in its Q3 2023 security report.
"We've detected and blocked over 1,000 of these unique malicious URLs from being shared on our apps, and reported them to our industry peers at file-sharing services where malware was hosted so they, too, can take appropriate action," it added.
Moreover, Meta mentioned that as soon as a user downloads malware, malicious actors can launch an attack and are continually updating their methods to bypass security protocols.
The tech giant further said that the industry's efforts are forcing threat actors to rapidly evolve their tactics in attempts to evade detection and enable persistence.
"One way they do this is by spreading across as many platforms as they can to protect against enforcement by any one service. For example, we've seen malware families leveraging services like ours and LinkedIn, browsers like Chrome, Edge, Brave and Firefox, link shorteners, file-hosting services like Dropbox and Mega, and more," Meta said.
When they get caught, they mix in more services, including smaller ones that help them disguise the ultimate destination of links.
In addition, the company also took action against nine separate adversarial networks around the world for engaging in covert influence operations and cyber espionage.