Reports from Facebook's parent company Meta on Wednesday have it that hackers are using ChatGPT-themed lures to spread malware dubbed Ducktail across Facebook, Instagram, and WhatsApp. The company said that since March 2023, its security team has uncovered 10 malware families using ChatGPT and similar themes to deliver malicious software to users’ devices.
Meta’s security engineers Duc H. Nguyen and Ryan Victory, in a blog post, wrote: “In one case, we’ve seen threat actors create malicious browser extensions available in official web stores that claim to offer ChatGPT-based tools. They would then promote these malicious extensions on social media and through sponsored search results to trick people into downloading malware”. Meta has successfully blocked the malicious link that pointed to fake ChatGPT-themed pages that host and deliver malware.
Ducktail malware enables threat actors to steal browser cookies and hijack logged-in Facebook sessions to steal information from the victim’s account, including account information, location data, and two-factor authentication codes. The malware can enable a possible takeover of a Facebook Business account the victim had access to. Ducktail malware is a product of threat actors operating from Vietnam. Meta added that they have issued cease-and-desist letters to the individuals behind the Ducktail malware attack and have also notified law enforcement.
A similar malware dubbed NodeStealer, also coming from threat actors in Vietnam, was discovered by Meta security researchers in January. Much like Ducktail, NodeStealer malware targets Windows-based browsers, with the ultimate aim of stealing cookies and saved login details to compromise Facebook, Gmail, and Microsoft Outlook accounts.
Meta has beefed up its social platforms' security by adding new features to help business users of its products better fend off malware attacks. The features include a new supporting tool that guides people step-by-step through identifying and removing malware and new controls for business accounts to manage, audit, and limit who becomes an account administrator.
By incorporating the "hide VPN" feature and strengthening its security toolkit, Meta demonstrates its commitment to fortifying the protection of its users' data and privacy. These advancements serve as a testament to Meta's ongoing dedication to creating a safer and more secure environment for its business clientele.