Meta, formerly known as Facebook, has issued a warning about fraudulent ChatGPT accounts on its platform. The company has discovered that malware creators are taking advantage of the public’s interest in ChatGPT and using this to entice users into downloading harmful applications and browser extensions. Meta has likened the phenomenon to cryptocurrency scams, as both tactics exploit people’s curiosity and trust to gain access to sensitive information. The company has identified around 10 malware families posing as ChatGPT, which have similar tools for compromising accounts across the internet. In its Q3 2023 security report, Meta stated that it had detected and blocked over 1,000 unique malicious URLs from being shared on its apps and reported them to its industry peers.
Once a user downloads the malware, malicious actors can launch an attack and continually update their methods to bypass security protocols. Meta also noted that the industry’s efforts are forcing threat actors to evolve their tactics rapidly in attempts to evade detection and enable persistence. One way they do this is by spreading across as many platforms as possible to protect against enforcement by any one service. The company has seen malware families leveraging services like Facebook, LinkedIn, browsers such as Chrome, Edge, Brave, and Firefox, link shorteners, file-hosting services like Dropbox and Mega, and more. When they get caught, they mix in more services, including smaller ones that help them disguise the ultimate destination of links.