May 3, 2023 - Technology

Meta finds more than 1,000 domains sharing ChatGPT-themed malware


Meta has flagged more than 1,000 domains since March that are distributing malware-laced, ChatGPT-themed tools, according to a report released Wednesday morning.

Why it matters: Online scammers are hitching a ride on the hype around ChatGPT and other AI tools to target unwary users who want to try out the new technology.

Driving the news: Meta said in its quarterly security report that since March, the company has uncovered 10 malware families posing as ChatGPT and other similar tools to compromise user accounts across the internet.

  • To do this, operators are offering fake browser extensions in app stores that claim to have ChatGPT-esque functions. Once installed, the extensions are typically able to siphon off any collected user data, such as passwords and credit card information.
  • Some of those extensions have actual working ChatGPT functions living alongside the malware, Guy Rosen, chief information security officer at Meta, told reporters ahead of the report's release.
  • Meta has reported the malicious domain names hosting the malware to its industry partners, including file-sharing services, so they can remove files, Rosen said.

What they're saying: "Malware operators, just like spammers, are very attuned to what's trendy at any given moment," Guy Rosen, chief information security officer at Meta, told reporters. "They latch onto hot button issues, popular topics, to get people's attention."

The intrigue: Meta's researchers have spotted operators behind the ChatGPT-themed malware apps switching to other themes whenever their original scam is detected, such as Google's competing Bard service or TikTok marketing support.

  • "Bad actors are counting on us to work in silos while they target people far and wide across the internet," Rosen said.

Yes, but: Meta doesn't have direct visibility into how many people have been impacted by the malicious tools, since the campaigns start outside of Meta's platforms.

What's next: Meta plans to roll out new protections for users and businesses against malware targeting their accounts.

  • Meta is launching one of those tools Wednesday: A step-by-step guide to help business accounts remove malware from their systems, as well as new administrator capabilities to stop malware operators from adding themselves as an administrator to business pages.