Meta's Fight Against Malware: Successful Takedowns

Published On Sat May 13 2023

Meta Tackles Malware Posing as ChatGPT in Persistent Campaigns

Meta has announced that it has successfully taken down several persistent malware campaigns targeting businesses across the internet. These campaigns used malicious browser extensions, ads, and social media platforms to run unauthorized ads from compromised business accounts. Among the notable malware families detected and disrupted by the tech giant were Ducktail and NodeStealer.

Ducktail and NodeStealer

Ducktail, a notorious malware family, recently began granting business admin permissions to requests for ad-related actions sent by attackers, a change meant to speed up operations before they are blocked by Meta's round-the-clock detection and mitigations. Despite this adaptation, Meta's uninterrupted detection and mitigation efforts provide businesses with sufficient protection against these latest tactics.

Meta researchers discovered NodeStealer, which targeted internet browsers on Windows to steal cookies, usernames, and passwords in order to gain unauthorized access to Facebook, Gmail, and Outlook accounts. NodeStealer is custom-written in JavaScript and bundled with the Node.js environment. According to the researchers, the malware is of Vietnamese origin and usually distributed by Vietnamese threat actors. Despite the malware's deviousness, Meta's comprehensive approach to tackling malware threats has consistently proven successful in recent efforts, including detecting and disrupting campaigns involving ChatGPT impersonation.

New Malware Posing as ChatGPT and Other Similar Tools

The Meta researchers also highlighted the emergence of new malware that poses as ChatGPT and other similar tools. Since March 2023, several malware families have been discovered using ChatGPT and similar themes to compromise accounts across the internet. In one instance, threat actors created malicious browser extensions that were available in official web stores and claimed to offer ChatGPT-based tools. They then promoted these malicious extensions on social media and through sponsored search results to trick people into downloading the malware. These tactics have necessitated Meta's multi-faceted approach to tackling malware threats.