Meta Sees Rise in ChatGPT-Themed Attacks

Researchers at Meta have seen a rise in ChatGPT-themed attacks, the company announced in a May 3 report reviewing cybersecurity issues on its platforms. The Menlo Park, California, based technology conglomerate owns Facebook, the world’s most popular social network, along with Instagram and WhatsApp.

Digital fraudsters are taking advantage of the AI technology ChatGPT craze. The next-generation AI system that essentially mimics a conversation between users and an artificial intelligence. Since March, Meta has blocked more than 1,000 unique ChatGPT-themed web addresses designed to deliver malicious software to users’ devices.

The rapidly growing platform currently has 1.16 billion users, reaching the 1 billion user mark in March 2023. These numbers depicted an increase of almost 55% from February 2023 to March 2023. It managed to cross 1 million users within 5 days of its launch and 100 million users within two months. as everyone else on the internet and have taken advantage of its allure to spread a new strain of malware across Facebook, Instagram and WhatsApp in recent months.

“Over the past several months, we’ve investigated and taken action against malware strains taking advantage of people’s interest in OpenAI’s ChatGPT to trick them into installing malware pretending to provide AI functionality,” wrote Meta researchers Duc H. Nguyen and Ryan Victory in a post published on the official Meta blog.  

These latest attempts targeted a number of popular platforms, including file-sharing services Dropbox, Google Drive, Mega, Media Fire, Discord, Atlassian’s Trello, Microsoft OneDrive, and iCloud. Its ultimate goal is to compromise businesses with access to ad accounts across the internet.

Since March 2023 alone, the Meta team has found around 10 malware families using ChatGPT and other similar themes to deliver malicious malware to users’ devices. In one example, threat actors created malicious browser extensions offered through official web stores that claimed to be legitimate ChatGPT-based tools. These malicious extensions were promoted on social media and through sponsored search results to trick people into downloading malware. In fact, some of these extensions did include working ChatGPT functionality alongside malware, likely to avoid suspicion from official web stores. 

The Meta team has blocked over 1,000 unique ChatGPT-themed malicious URLs from being shared on its various platforms and has alerted industry peers to prevent the widespread use of these malicious browser extensions.

Meta warns that users’ devices may be infected with malware if they exhibit the following signs:

  • Shorter device battery life
  • Suspicious account activity, including unauthorized financial charges  
  • Slower device speeds or device freezing
  • Suspicious popups 
  • Odd toolbars, icons or tabs that were not installed by the user

To help businesses stay safe across their Meta accounts, Meta continually releases protections against malicious activity, including new malware removal support, verifying connected Business Manager accounts, increasing protections for sensitive account actions: We are expanding authorization requirements for sensitive business account actions like accessing a credit line or changing and rolling out Meta Work accounts: