RedLine Stealer Spotted in a New Campaign Leveraging ChatGPT

The rising popularity of artificial intelligence platforms such as ChatGPT and Google Bard has caught the attention of cybercriminals looking for new ways to propagate malware. One recent campaign was found distributing the RedLine information stealer to victims' systems.

Infection process

The infection chain starts with the attackers purchasing the stealer from a dark web forum.
  • The malware is disguised as free ChatGPT or Google Bard downloads and promoted through fake posts on Facebook.
  • To lend the posts credibility, the threat actors publish them from compromised Facebook business or community accounts.
  • The posts are designed to look legitimate and exploit the buzz around OpenAI's language models to trick users into downloading the files; opening the downloaded file executes the malware in the final stage.

Impact 

  • Threat actors hijacked dozens of Facebook business accounts in at least 10 countries to infect users with the RedLine stealer.
  • The highest number of impacted users is in Greece, followed by India, the U.S., Mexico, and Bangladesh.

The rise in misuse of AI platforms

Several other attacks using AI-themed lures have been reported recently.
  • In one incident, a fake ChatGPT Chrome extension was used to target thousands of users with malware that steals Facebook Ads accounts.
  • In another, threat actors mimicked the official ChatGPT website to infect visitors with several notorious malware families, including Lumma Stealer, Aurora Stealer, and clipper malware.

Why it matters

Researchers note that such methods are effective at spreading malware and harvesting sensitive information. By taking control of legitimate business pages, attackers inherit the trust those pages have built with their followers and can mislead them into downloading malware onto their systems.

Conclusion

To reduce exposure to such threats, users and employees must be trained on the risks of downloading and opening files from unknown or unverified sources, including links promoted in social media posts. In addition, deploying anti-malware tooling and firewalls and enforcing strict policies that limit the download and execution of unapproved executables can prevent attackers from causing further damage. Organizations whose Facebook business accounts are hijacked should also reset the affected credentials and revoke active sessions, since the campaign depends on those accounts for distribution.
Cyware Publisher