Since March 2023, Meta has detected and excluded from its services over 1,000 malicious URLs that used ChatGPT and Google Bard as lures to steal business pages. These URLs were found to be part of a malicious campaign that targeted the personal profiles of users linked to Facebook business pages and ad accounts.
The attackers behind this campaign create malicious browser extensions that offer tools based on ChatGPT. These extensions are made available on official online stores, and the scammers then promote them on social media and search engine ads. According to information security company Trend Micro, there is an info stealer disguised as a ChatGPT client for Windows that extracts passwords, session cookies, and history from Chromium-based browsers. Experts say that this malware bears similarities to Ducktail, another info stealer targeting Facebook users.
In addition to ChatGPT, the attackers also pose as popular apps like Google Bard, TikTok marketing tools, pirated software and movies, and Windows utilities to trick users into clicking on malicious links. The attackers use various platforms for advertising the malware, including the Buy Me a Coffee crowdfunding platform, Discord, Dropbox, Google Drive, iCloud, MediaFire, Mega, Microsoft OneDrive, and Trello.
The main objective of this campaign is to launch unauthorized advertising from hacked business accounts. Meta has been working hard to stop these malicious campaigns, as they pose a significant threat to the security and privacy of its users. Recently, Meta discovered another info stealer called NodeStealer that is capable of stealing cookies and passwords from web browsers to eventually compromise Facebook, Gmail, and Outlook accounts.
Users must be cautious when downloading browser extensions and other software, especially if it is advertised through social media or other online platforms. It is essential to verify the source of the software before installing it and ensure that it is legitimate. By taking these precautions, users can help protect themselves from falling prey to malicious campaigns such as this one.