Meta finds fake ChatGPT malware running amok

The Meta security team acknowledges that there is a lot of fake ChatGPT malware that exists to hack user accounts and take over company pages.

In the new of the company Q1 security report, Meta shares that malware operators and spammers follow trends and topics that attract a lot of attention and grab people’s attention. Of course, the biggest tech trend right now is AI chatbots like ChatGPT, Bing, and Bard, so it’s now fashionable to trick users into trying a fake version – sorry, crypto.

Meta-security analysts have found about 10 forms of malware masquerading as AI chatbot-related tools such as ChatGPT since March. Some of these exist as web browser extensions and toolbars (classic) – even available through nameless official web stores. The Washington Post reported last month about how this fake ChatGPT scam has been using Facebook ads as another way to spread.

Some of these malicious ChatGPT tools even have built-in AI to look like a legitimate chatbot. Meta then blocked over 1,000 unique links to the discovered malware iterations shared across its platforms. The company also has provided the technical background about how scammers gain access to accounts, including hijacking logged in sessions and preserving access – a method similar to what brought down Linus Tech Tips.

For any business hacked or shut down on Facebook, Meta a new support stream to fix them and access them again. Company pages generally succumb to hacking because individual Facebook users with access to these pages become targets of malware.

Now Meta is implementing new ones Meta Work Accounts that support existing, and usually more secure, single sign-on (SSO) credentials services from organizations that are not associated with a personal Facebook account at all. Once a business account is migrated, the hope is that it will be much harder for malware like the bizarre ChatGPT to attack.