The security experts at Meta have found that malware distributors are adopting generative AI applications as their latest strategy for spreading harmful software.

As the excitement around generative AI grows, threat actors have begun manipulating public interest in OpenAI’s ChatGPT, using it to trick users into downloading malware. This insight comes from Meta security engineers Duc H. Nguyen and Ryan Victory. Know More These malicious campaigns seek to compromise businesses by targeting their advertising accounts online, aiming to undermine their operations.

Malware developers are casting a wide net, targeting platforms including file-sharing services like Dropbox, Google Drive, Mega, MediaFire, Discord, Trello by Atlassian, Microsoft OneDrive, and iCloud, under the guise of offering AI functions.

Since March 2023, researchers have spotted multiple malware variants that exploit themes surrounding ChatGPT to illicitly access online accounts. For example, cybercriminals have created rogue browser extensions that falsely claim to deliver ChatGPT-related features and have uploaded these extensions to official web stores.

By utilizing social media and paid search ads, malware operators have promoted these deceptive browser add-ons, tricking users into unwittingly installing harmful software. To evade detection by official marketplaces, some of these extensions even include legitimate ChatGPT functionalities.

According to Meta's security engineers, they have successfully blocked the dissemination of over 1,000 malicious links themed around ChatGPT on their platforms, and have collaborated with industry partners to bolster defenses.

Drawing parallels to previous malware incidents like Ducktail, the criminals behind these recent schemes have rapidly adapted their tactics in response to enforcement actions and public awareness. They are now employing cloaking techniques to bypass automated ad verification and making use of popular marketing strategies, including link-shortening, to obscure their links' true intents.

Their strategies are evolving to incorporate other trending subjects, such as TikTok marketing. Some have even begun targeting smaller platforms like Buy Me a Coffee as a means of pushing harmful content, especially after larger platforms have taken stronger action against them. Know More In light of the current buzz around generative AI, users need to be cautious about clicking on unexpected links or downloading applications that claim to be ChatGPT-related, especially those found in browser web stores or sidebar advertisements.

The OpenSea Discord server has been compromised, leading to bots promoting a nonexistent partnership with YouTube.

Read More

• The NFT platform LiveArtX faced a security breach, resulting in the theft of NFTs and causing a significant drop in the value of 'Meta-morphic Seven Treasures'.
• A donation featuring a CryptoPunk has successfully raised $100,000 to support Ukraine amid its ongoing conflict.
• Please be aware that the information on this page is not meant to serve as legal, tax, investment, financial, or any other kind of advice. It's essential to invest only what you can afford to lose and seek out independent financial advice if you have any uncertainties. For additional details, we recommend reviewing the terms and conditions alongside the help and support resources provided by the issuer or advertiser. While MetaversePost strives for accuracy and impartiality in reporting, market circumstances can shift without notice.