While security teams are leveraging the capabilities of generative AI to simplify and accelerate their security operations, the adoption of LLMs has opened opportunities for cybercriminals to launch easier and even more persistent cyberattacks. One such attack has recently come to the notice of researchers, which enabled threat actors to distribute profile-stealer via LLM-themed Facebook Ads.
Infection process
The infection vector involves creating fake profiles on Facebook and using paid promotions to push fake advertisements from marketing companies or departments.
- These advertisements lure users to click on a link with a promise of productivity boosts, increased reach and revenue, and assistance in teaching, all with the help of AI. Some of the lures promised access to Google Bard or Meta AI.
- When users click on the link, they are redirected to a website containing an installer for the AI package, which is actually a malicious file.
- Once executed, the installer drops several files on the Chrome extension designed to steal Facebook cookies and access tokens, which are then used to request additional information from Facebook’s GraphQL.
Targets
Going by the keywords and variables noticed within the malicious script, researchers believe that Vietnamese threat actors could be behind the attack. Trend Micro suggests that the threat actors' main goal is to target and infect business social networking managers, administrators, and marketing specialists.
Recent AI-related crimes
- Sophos observed a growing trend of a unique CryptoRom scam that utilized generative AI chat tools to lure and interact with victims to install and fund a fake crypto-trading app.
- In a separate incident, threat actors introduced a FraudGPT tool on dark web forums, capable of designing spear-phishing emails, generating cracking tools, and facilitating carding activities.
- A new generative AI cybercrime tool called WormGPT was also spotted, allowing adversaries to launch sophisticated phishing and BEC attacks. The tool automates the creation of highly convincing fake emails personalized to the recipient, increasing the chances of success of the attack.
Stay safe
To prevent falling victim to the ongoing attack campaign, Facebook users are advised to exercise caution when interacting with advertisements, especially those promising access to AI packages or exclusive features. Additionally, businesses are encouraged to educate their employees about the potential risks of social media ads and implement security measures such as multi-factor authentication to protect their accounts.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/2cb5_shutterstock_2289090177.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_432177085.jpg)
