In its quarterly online threat report, Meta noted, on May 3, 2023, an increase in malware posing as Generative AI tools. “For cybercriminals, ChatGPT is the new scam, after crypto,” summarized Guy Rosen, head of security at Meta.
“Since March, our analyses have identified ten malware groups posing as ChatGPT or similar interfaces in order to compromise online accounts,” he added.
This malware comes in the shape of browser extensions, claiming to contain AI tools or facilitate their use. “Some of them actually included them, probably to seem legitimate in the eyes of download platforms and users,” explains Guy Rosen.
Meta reports blocking over a hundred links to over a thousand malicious websites. The company also claims to have prevented the posting, on Facebook and Instagram, of ads and other content leading to this malware. According to Meta, these attacks stand out with their high level of sophistication. Moreover, while some strike “blindly”, others specifically target senior executives.
In order to deal with these more complex threats, Meta recommends industry players collaborate and exchange knowledge and good practice. “Criminals want us working with a silo mentality, while they target people all over the internet,” the company pointed out.