Meta’s security team has acknowledged the widespread prevalence of fraudulent ChatGPT malware, which aims to compromise user accounts and seize control of business pages.
In Meta’s Q1 security report, the company revealed that malware operators and spammers are capitalizing on trending and high-engagement topics to capture people’s attention. Currently, AI chatbots, such as ChatGPT, Bing, and Bard, are among the most prominent technology trends.
As a result, tricking users into using a counterfeit version of these chatbots has become a popular strategy for cybercriminals, outshining even crypto-related scams.
Since March, Meta’s security analysts have uncovered approximately ten types of malware masquerading as AI chatbot-related tools, including ChatGPT. Some of these fake tools are available as web browser extensions and toolbars, and they are even accessible via unofficial web stores.
The Washington Post reported last month that these scams have also used Facebook ads to proliferate.
Over 1,000 Malicious Links Blocked
Certain fraudulent ChatGPT tools have even been designed with AI capabilities to give the appearance of being a legitimate chatbot. Meta has blocked over 1,000 distinct links to these malicious iterations of the software, which have been circulating on its platforms.
The company has also supplied technical details on how hackers gain access to accounts, which involves seizing login sessions and retaining access, a strategy similar to the one that led to the downfall of Linus Tech Tips’s YouTube account.
Meta is introducing a new support process for companies whose Facebook accounts have been compromised or deactivated, enabling them to recover and reclaim access. Typically, business pages are vulnerable to hacking because malware targets Facebook users who have access to them.
Secure Work Accounts
To address this issue, Meta is rolling out new work accounts that support current single sign-on (SSO) credential services, which are frequently more secure and aren’t tied to a personal Facebook account.
By migrating a business account to this new setup, it should be substantially harder for hackers to launch an attack.