Since March, Meta has discovered over 1,000 sites peddling malware-laced ChatGPT-themed software, and eleven malware families masquerading as ChatGPT and other similar applications to breach user accounts.
Many of the scams use bogus browser extensions laced with malware to steal Facebook users’ login information, resulting in account lockouts and takeovers. They pretend to have ChatGPT-like functionality in order to breach user accounts throughout the internet.
Once installed, the extensions often have the ability to siphon out any gathered user data, such as passwords and credit card information. Some of these extensions contain legitimate ChatGPT functions that coexist with the malware. However, because the campaigns begin outside of Meta’s platforms, Meta has no direct visibility into how many people have been impacted by the malicious tools.
Meta has alerted its industry partners, including file-sharing services, about the fraudulent domain names hosting the virus, so that the files may be removed. Guy Rosen, Meta’s chief information security officer, stated that bad actors rely on individuals working in silos while targeting others over the internet.
The sources for this piece include an article in Axios.