If you spot a ChatGPT app or browser extension on Facebook, be careful: It could be malware.
Facebook’s parent Meta today warned about an uptick in malware disguised as ChatGPT-related software. “Since March alone, our security analysts have found around 10 malware families posing as ChatGPT and similar tools to compromise accounts across the internet,” Meta said in a report(Opens in a new window).
The malicious activity prompted Meta to block over 1,000 links to ChatGPT-related malware on its services, which also include Instagram and WhatsApp. Meta says it notified “industry peers, researchers, and governments” about the links, too.
ChatGPT malware on the Chrome Web Store.
(Credit: Meta)
Meta says the malware can pose as browser extensions designed to work with ChatGPT. These browser extensions can be uploaded to official web stores, making them look legit.
“In fact, some of these malicious extensions did include working ChatGPT functionality alongside the malware,” the company added. So even if the app or extension does offer a real chatbot experience, don’t assume it’s safe to use.
ChatGPT malware on the Chrome Web Store.
(Credit: Meta)
Meta says(Opens in a new window) the goal behind the ChatGPT-themed malware is “to run unauthorized ads from compromised business accounts across the internet.” One of the identified malware strains, dubbed NodeStealer, can also steal passwords from a victim’s computer by looting the cookies and login information on the browser.
Other ChatGPT-themed malware arrived through ads or links to other third-party websites. Meanwhile, the malware itself could be hosted through services including Dropbox, Google Drive, Mega, MediaFire, Discord, Atlassian’s Trello, Microsoft OneDrive, and iCloud.
Recommended by Our Editors
It’s no surprise hackers are pouncing on ChatGPT; cybercriminals often target the latest trends, including hit movies or games, to craft their attacks. It also helps that ChatGPT’s developer, OpenAI, has yet to release a dedicated mobile app or browser extension for the AI chatbot.
An example of the ChatGPT malicious download.
(Credit: Meta)
Hence, users should just visit the official ChatGPT domain(Opens in a new window) for access. Or they can try the new AI-powered Bing, which also taps the same AI algorithms. Otherwise, if you want to use a third-party browser extension for ChatGPT, it’s best to look closely at the developer’s web page and user reviews to check whether the program is authentic.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Hits: 0
