As the brouhahas over adding AI browser extensions and tools continue, threat actors are leveraging the hype around AI by getting users to install fake or compromised extensions that could steal their internet credentials.
Since March, security analysts have found around 10 malware families posing as ChatGPT, some available in official web stores, to compromise accounts across the internet, Meta, in its security report for Q1 2023, said.
Over 1,000 URLs promising ChatGPT functionality have been detected and blocked. These links with ChatGPT functionality were found to be leveraging services including those from Meta, LinkedIn, browsers like Chrome, Edge, Brave, and Firefox, link shorteners, file-hosting services like Dropbox and Mega, and more to distribute the malicious links, Meta said.
Some of these malicious AI tools even had working ChatGPT functionality alongside the malware, enabling them to persist in users’ devices without raising suspicion.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
While this is not unique, cybercriminals have used similar tactics in the past. Using the interest in crypto, digital currency, and other popular topics to target users.
Threat actors were found to have switched tactics and leveraged interest around Google Bard and TikTok marketing support to increase their scope of attacks and avoid detection.
Earlier in March, OpenAI started offering its API for its AI-powered Chatbot ChatGPT and the speech-to-text model Whisper to developers.
Later that month, reports of a fake ChaptGPT Chrome extension emerged. The fake extension was found targeting Facebook accounts with attackers having copied the legitimate add-on for Chrome named “ChatGPT for Google” that offered integration in search results.
The malicious version had an additional code to steal Facebook session cookies, a report from cybersecurity firm Guardio said.
