Meta Tackles Malware Posing as ChatGPT in Persistent Campaigns

Facebook parent company Meta has recently taken down persistent malware campaigns targeting several businesses across the internet. 

Among the malware families that were detected and disrupted by the tech giant were Ducktail and the newly identified NodeStealer, which have been targeting people through malicious browser extensions, ads and social media platforms with the goal of running unauthorized ads from compromised business accounts.

“In its latest iteration, Ducktail operators, likely in response to our round-the-clock detection terminating stolen sessions, began automatically granting business admin permissions to requests for ad-related actions sent by attackers as an attempt to speed up their operations before we block them,” Meta wrote in a report published on Wednesday.

“However, our continued detection and mitigations provide protections to businesses against these latest adaptations.”

As for NodeStealer, Duc H. Nguyen and Ryan Victory said Meta researchers discovered the malware in January. It reportedly targeted internet browsers on Windows to steal cookies and saved usernames and passwords to ultimately compromise Facebook, Gmail and Outlook accounts.

“NodeStealer is custom-written in JavaScript and bundles the Node.js environment. We assessed the malware to be of Vietnamese origin and distributed by threat actors from Vietnam.”

In the new report, the security researchers also highlighted the emergence of new malware posing as ChatGPT and other similar tools. 

“Since March 2023 alone, we have found around ten malware families using ChatGPT and other similar themes to compromise accounts across the internet,” Nguyen and Victory wrote.

“In one case, we’ve seen threat actors create malicious browser extensions available in official web stores that claim to offer ChatGPT-based tools. They would then promote these malicious extensions on social media and through sponsored search results to trick people into downloading malware.”

However, the malware experts said Meta’s multi-faceted approach to tackling malware threats has proved successful in recent efforts, including detecting and disrupting campaigns involving ChatGPT impersonation.

The latest Meta report comes weeks after Group-IB published an advisory describing a Facebook impersonation scheme relying on over 3000 fake profiles.
