ChatGPT is being used to lure victims into downloading malware

ChatGPT
(Image credit: CKA via Shutterstock)

Hackers are trying to capitalize on the enormous popularity of ChatGPT to distribute malware, security experts have warned.

A report from cybersecurity researchers CloudSEK has detailed an elaborate scheme that includes stolen Facebook accounts, groups, and pages, malicious Facebook ads, and fake ChatGPT software.

As per the report, threat actors are using stolen Facebook accounts to distribute malware. They would log into these accounts, and use them to run malicious ads. The ads would advertise a website where the “latest version” of ChatGPT can be downloaded - for free.

Fake sites, stolen Facebook groups

For the uninitiated, ChatGPT is a language-based artificial intelligence model, a chatbot whose revolutionary technology took the world by storm. 

The tool is mostly free and can be accessed via this link. There is no executable to be downloaded, and whoever is advertising one is a malicious actor. 

Victims that take the bait and download the malware risk compromising their personally identifiable data (PII), as well as payment data - if this happens, then using the best identity theft protection may be the best recourse. The researchers also say the malware can spread across systems through removable media, and escalate privileges to remain on the compromised endpoints. 

When they’re not running malicious ads, the attackers are using compromised Facebook accounts that administer different pages and groups. Admin accounts are quite valuable on the dark web, as they exponentially expand the reach of any malware campaign, and do so organically. For this campaign, the researchers discovered 13 Facebook pages/accounts with more than 500,000 followers. The oldest page was stolen in mid-February this year and has more than 23,000 followers. 

"Cybercriminals are capitalizing on the popularity of ChatGPT, exploiting Facebook's vast user base by compromising legitimate Facebook accounts to distribute malware via Facebook ads, putting users' security at risk. Our investigation has uncovered 13 compromised pages with over 500K followers, some of which have been hijacked since February 2023. We urge users to be vigilant and aware of such malicious activities on the platform,” said Bablu Kumar, Cyber Intelligence Analyst, CloudSEK.

Through these pages and groups, the attackers seem to be distributing a video to attract and engage the audience. Furthermore, CloudSEK discovered at least 25 websites that are impersonating OpenAI’s chatbot. The majority of compromised accounts were being controlled by Vietnamese actors, they concluded. 

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
DDoS attack
ChatGPT security flaw could open the gate for devastating cyberattack, expert warns
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
Sam Altman and OpenAI
Open AI bans multiple accounts found to be misusing ChatGPT
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
DeepSeek
Experts warn DeepSeek is 11 times more dangerous than other AI chatbots
Magnifying glass enlarging the word 'malware' in computer machine code
Microsoft Teams and AnyDesk abused to deploy dangerous malware, so be on your guard
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
Data leak
Hacked Tata Technologies data leaked by ransomware gang
Latest in News
A graphic of the PC Gaming Show
Get ready for a bounty of PC games on June 8, as the PC Gaming show is back
A close up of The Daily podcast from Pocket Casts' web page
‘Podcasting shouldn’t be locked behind walled gardens’: Pocket Casts slams Spotify and makes its web player free to all
A smartphone on a sofa showing the WhatsApp, Telegram and Signal apps
Forget AI – WhatsApp is planning a simple messages feature that could be its most useful upgrade in years
NordicTrack Ultra 1
The new NordicTrack Ultra 1 treadmill looks like it was designed by an architect and costs $15,000
An Nvidia GeForce RTX 5070
Nvidia RTX 5080 stock is so barren that retailers are holding competitions where you can "win" the right to buy one for MSRP
Assassin's Creed Shadows
Ubisoft shareholder accuses publisher of 'misleading investors', plans protest outside Paris HQ