RedLine stealer operators exploit ChatGPT in its new campaign

April 21, 2023

Threat actors have used ChatGPT as a lure in their recent campaign to deploy the RedLine stealer onto targeted systems. The growing interest in artificial intelligence has attracted numerous threat actors looking for new ways to propagate their malware strains.

According to reports, the infection chain begins after the attackers purchase the stealer malware on a dark web market. The operators then disguise the malware as free downloads of Google Bard or ChatGPT files and promote these malicious files through fake social media promotions.

The threat actors exploit compromised Facebook business and community accounts to publish fake posts and ads. They design these posts to appear legitimate and utilise the buzz around OpenAI language models to trick targets into downloading the malicious files. Opening the downloaded file is the final phase, in which the malware executes.


The RedLine stealer spreads via hijacked social media business accounts.


The malware operators hijacked numerous Facebook business accounts in more than ten countries to infect users with the RedLine stealer.

The most affected users were from Greece, India, the US, Mexico, and Bangladesh.

Researchers explained that the sudden surge of AI-themed cyberattacks is driven by users downloading malicious files that pose as AI tools. In a recent incident, adversaries deployed a fake ChatGPT Chrome extension to target thousands of users holding Facebook Ads accounts with stealer malware.

Another incident also showed that the actors impersonated the official website of ChatGPT to compromise users with numerous malware strains, such as Aurora Stealer, Lumma Stealer, and Clipper malware.

Researchers claim that these attack strategies efficiently propagate malware and acquire access to sensitive data. Furthermore, by controlling legitimate business pages that have many followers, threat actors gain those followers' trust and can misguide them into downloading malware.

Therefore, users and employees should be aware of the risks of opening and downloading files from unknown sources in order to limit their exposure to such campaigns.

Cybersecurity experts suggest that users employ anti-malware tools and firewalls with strictly enforced policies that limit the download of executables, which could prevent attackers from causing damage to systems.
