Meta has released its security report for the first quarter of this year, stating that in March alone, there were approximately 10 malicious program families impersonating popular tools like ChatGPT to steal victims’ accounts.
Meta’s security report focuses on protecting its social media platforms and its users. Therefore, its main content includes the removal of spy networks such as Pakistan APT, Bahamut APT, and Patchwork APT, as well as the removal of disinformation networks originating from Iran, China, the United States, Venezuela, and Togo.
The investigation into these Advanced Persistent Threats (APTs) organizations revealed that hackers are using popular ChatGPT to attract victims and spread malicious programs through browser extensions, advertisements, or social media platforms. For example, hackers provide multiple ChatGPT-based tools in the official application marketplace of web browsers and promote related extensions through advertisements on social media or search engines. These extensions indeed offer ChatGPT functionality, but they also contain malicious code.
Meta stated that hackers attempted to use their platforms to share malicious websites, leading the Meta security team to block over 1,000 different URLs disguised as ChatGPT in that quarter. The hackers’ intention was to acquire victims’ credentials for social platforms or online businesses to execute unauthorized advertising.