Fraudsters use OpenAI authority to promote on Facebook

Cybercriminals distribute fake versions on Facebook* ChatGPT, Google bardMidjourney and Jasper, which are designed to steal passwords, cryptocurrency wallets and other sensitive information.

New malware campaign discovered by Check Point Research (CPR) , is that attackers create fake pages or groups of popular companies, publish attractive content and then encourage users to click on links containing malware. Many of the fake pages offer tips, news, and improved versions of Google Bard or ChatGPT chatbots. Users are often unaware that this is fraud.

Examples of scam posts

The malware in this campaign is designed to steal various types of information from all major browsers, including cookies (cookie), bookmarks, browsing history and passwords. The malware also targets cryptocurrency wallets and steals FTP accounts from Filezilla and sessions from various social networks and gaming platforms.

The stolen data is combined into one archive and uploaded to a file hosting service gofile. The infostealer then sends a message to Discord with information about all the collected data, along with a link to access the stolen data archive.

Growing public interest in AI-based solutions has led attackers to start using this trend to spread malware. This surge in hacking activity can be attributed to the expanding shadow markets where Initial Access Brokers (Initial Access Brokers, IAB) specialize in acquiring and selling access to compromised systems.

* Meta and its products (Instagram and Facebook) are recognized as extremist, their activities are prohibited on the territory of the Russian Federation.