Facebook Pages Hijacked to Spread Malicious ChatGPT and Google Bard Files

Kamso Oguejiofor-Abugu

Cybercriminals are exploiting the popularity of OpenAI’s ChatGPT and Google’s Bard to spread malware and steal sensitive data. The attackers are hijacking Facebook business or community pages with thousands of followers, then posting sponsored ads that offer free downloads of alleged ChatGPT and Google Bard software.

According to a report from Veriti, a unified security posture management platform, unsuspecting visitors fall into the trap and download the malicious files, which then unleash the RedLine information-stealing malware on their devices.

“This method of attack has proven to be particularly effective in spreading malware and gaining access to sensitive information, as dozens of Facebook business accounts have already been hijacked for these purposes,” Veriti said.

RedLine Stealer is a malware-as-a-service sold on dark web forums that targets browsers to collect user data from compromised devices. According to Veriti, this type of service provides even less tech-savvy individuals the means to carry out sophisticated cyber attacks. Once the RedLine Stealer malware is triggered on the infected device, it can steal passwords and download further malware onto that device.

“After purchasing and deploying the malware, customers sell the stolen data in dark web forums to cybercriminals specializing in online fraud, enabling them to focus on their illicit business model,” Veriti added. “Malicious actors increasingly use the Telegram messaging app to purchase and deploy RedLine Stealer malware. It provides greater anonymity and encryption for their activities.”

Researchers advise enterprises to update their cybersecurity systems and educate employees about the dangers of downloading files from malicious sources.

“Protecting your organization from malware-as-a-service campaigns such as Redstealer requires a comprehensive approach to cybersecurity,” Veriti said. “Educating employees on the risks of downloading and opening files from unknown sources is crucial. Employee training and awareness should be coupled with robust security configurations that complement an organization’s cybersecurity protections.”

About the Author

Kamso Oguejiofor is a former Content Writer at SafetyDetectives. He has over 2 years of experience writing and editing topics about cybersecurity, network security, fintech, and information security. He has also worked as a freelance writer for tech, health, beauty, fitness, and gaming publications, and he has experience in SEO writing, product descriptions/reviews, and news stories. When he’s not studying or writing, he likes to play basketball, work out, and binge watch anime and drama series.