ChatGPT boom drives surge in AI-powered malware targeting Facebook business accounts


The use of artificial intelligence to spread malware is increasing month by month as platforms like YouTube and Facebook are used to propagate malicious links via AI-generated content and a fake ChatGPT browser extension. While the rise of generative AI chatbots like ChatGPT was always likely to be accompanied by a spike in cybercrime, researchers warn that social media sites should be more proactive in policing their platforms for harmful content as attackers become more sophisticated.

ChatGPT and AI used to lure victims into infostealing scams. (Photo by Chrispictures/Shutterstock)

Both YouTube and Facebook have seen their platforms abused by cybercriminals to target their users. Increasingly these malware campaigns are designed using AI and ChatGPT, making them harder to detect.

“The threat actors are getting so sophisticated that it becomes hard for even well-aware users to distinguish between what’s good and what’s bad,” said Allan Liska, CSIRT at security vendor Recorded Future.

AI and ChatGPT used to propagate malware campaigns on YouTube and Facebook

A new report from security company CloudSEK states that since November 2022 there has been a 200%-300% month-on-month increase in videos containing infostealer malware being uploaded to YouTube.

The videos masquerade as step-by-step guides on how to download expensive software such as Photoshop, Premiere Pro and Autodesk 3DS Max for free. Links to the malware are concealed in the video description, and the stealers delivered by the malicious videos include Vidar, RedLine and Raccoon.

AI-generated videos are often used in these campaigns because footage featuring a human presenter with certain facial features has been found to be more popular, as viewers find it more familiar and trustworthy.

“We have observed that every hour five to 10 ‘crack software’ download videos containing malicious links are uploaded to YouTube,” the report says. “At any given time, if a user searches for a tutorial on how to download a cracked software, these malicious videos will be available.”

In a similar style of attack, cybercriminals are luring victims with a fake ChatGPT add-on for the Chrome browser. The malicious stealer extension, called “Quick access to Chat GPT”, is promoted through Facebook sponsored posts advertising a quick way to reach the popular chatbot. Instead, it harvests browser session data and turns the accounts it hijacks into a malvertising operation.


The extension does give users access to ChatGPT’s API, but it also harvests large amounts of information from the browser, such as cookies and credentials.


How the bogus ChatGPT extension works

Once installed, the extension runs inside the browser with whatever permissions it declared, so it can send requests to any other service as if the browser’s owner had issued them, and those requests carry the cookies of every session the user is already logged into. “This is crucial as the browser, in most cases, already has an active and authenticated session with almost all your day-to-day services, e.g. Facebook,” explains a report from security company Guardio.

If the victim has a Facebook business account, it will be taken over completely. “By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus. This allows it to push Facebook paid ads at the expense of its victims in a self-propagating worm-like manner,” continues the report.

“Once the victim opens the extension windows and writes a question to ChatGPT, the query is sent to OpenAI‘s servers to keep you busy – while in the background it immediately triggers the harvest.”
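The capability Guardio describes comes down to what an extension asks for in its manifest: a broad host pattern plus the `cookies` permission is enough to read and replay any site’s authenticated session. As an added example (not code from the article, from Guardio, or from the extension itself), the following Node.js script triages extension manifests for exactly that combination. The manifests embedded in it are constructed samples; their names and permission sets are assumptions for illustration, not captured from any real extension.

```javascript
// Added example: triage Chrome extension manifests for the pattern the
// Guardio report describes, an extension whose declared permissions let it act
// on every site with the victim's existing sessions. Illustrative code only,
// not the article's, Guardio's or the malicious extension's; the manifests
// below are constructed samples, not captured from any real extension.

// Host patterns that grant access to every origin.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
// API permissions that let an extension read or replay authenticated sessions.
const SESSION_APIS = new Set(["cookies", "webRequest", "webRequestBlocking", "tabs", "scripting", "debugger"]);
// Names that trade on the ChatGPT / OpenAI brand, the lure used in this campaign.
const LURE_NAME = /chat\s*gpt|openai/i;

// Normalise Manifest V2 and V3: MV2 mixes host patterns into `permissions`,
// MV3 moves them to `host_permissions`. Content-script match patterns count
// too, since an injected script reaches a page's DOM and non-HttpOnly cookies.
function splitPermissions(manifest) {
  const api = [];
  const hosts = [...(manifest.host_permissions || [])];
  for (const p of manifest.permissions || []) {
    if (p === "<all_urls>" || p.includes("://")) hosts.push(p);
    else api.push(p);
  }
  for (const cs of manifest.content_scripts || []) hosts.push(...(cs.matches || []));
  return { api, hosts };
}

function isBroadHost(pattern) {
  // "<all_urls>", "*://*/*", or a wildcard host on http(s) all reach every site;
  // a subdomain wildcard such as "https://*.example.com/*" does not.
  return BROAD_HOSTS.has(pattern) || /^(\*|https?):\/\/\*\//.test(pattern);
}

function assessManifest(manifest) {
  const { api, hosts } = splitPermissions(manifest);
  const broad = hosts.some(isBroadHost);
  const sessionApis = api.filter((p) => SESSION_APIS.has(p));
  const findings = [];
  if (broad) findings.push("host access to every origin");
  if (sessionApis.length) findings.push(`session-capable APIs: ${sessionApis.join(", ")}`);
  // `cookies` plus a matching host pattern exposes that host's cookie jar via
  // chrome.cookies, including HttpOnly cookies a content script could not read.
  const cookieJar = api.includes("cookies") && broad;
  if (cookieJar) findings.push("can read every site's cookie jar, HttpOnly included");
  if (LURE_NAME.test(manifest.name || "")) findings.push("name trades on the ChatGPT/OpenAI brand");

  let severity = "low";
  if (cookieJar) severity = "critical";
  else if (broad || sessionApis.length) severity = "medium";
  return { name: manifest.name, severity, findings };
}

// Rank a set of manifests, most dangerous first.
const RANK = { critical: 0, medium: 1, low: 2 };
function triage(manifests) {
  return manifests.map(assessManifest).sort((a, b) => RANK[a.severity] - RANK[b.severity]);
}

// Constructed sample manifests (assumed names and permission sets, for illustration only).
const SAMPLE_MANIFESTS = [
  {
    name: "ChatGPT Prompt Helper", // legitimate-looking MV3 extension, scoped to one API host
    manifest_version: 3,
    permissions: ["storage"],
    host_permissions: ["https://api.openai.com/*"],
  },
  {
    name: "Quick ChatGPT Access", // stealer-style MV3 extension: cookies on every origin
    manifest_version: 3,
    permissions: ["cookies", "storage", "tabs"],
    host_permissions: ["<all_urls>"],
    content_scripts: [{ matches: ["https://*.facebook.com/*"], js: ["content.js"] }],
  },
  {
    name: "Tab Notes", // MV2 extension with the host pattern mixed into `permissions`
    manifest_version: 2,
    permissions: ["cookies", "*://*/*"],
  },
];

console.log(JSON.stringify(triage(SAMPLE_MANIFESTS), null, 2));
```

Run it with `node` against manifests pulled from a profile’s extension directory to get a ranked list; the point of the scoring is that a ChatGPT-branded name is only a lure, while `cookies` combined with an every-origin host pattern is what actually hands an attacker the victim’s Facebook session.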

Tech Monitor has contacted YouTube and Facebook for comment.

That cybercriminals are using AI and ChatGPT as lures is to be expected, says Liska, but their scams are rapidly increasing in sophistication. “Our advice is always, ‘take a minute to think about what you’re doing. Is that really a ChatGPT application or is it a scam?’,” he says.

But it’s getting harder and harder to identify the fakes, Liska adds. “We’re in a sort of ‘Wild West’ ecosystem where it can be hard to distinguish between what’s illegitimate and what’s real,” he says.

“We need to start holding both software companies and platforms accountable for the bad things that happen on their network, when they allow this kind of malware to propagate on their platform without taking steps to address it.”
