A new malware steals social media login credentials under the guise of ChatGPT

A. HUSSEIN
Kaspersky researchers have identified an ongoing campaign built on new malware that exploits the growing popularity of the ChatGPT artificial intelligence-based chatbot. Cybercriminals distribute the malware through Facebook communities, offering a fake desktop version of ChatGPT. Instead of a bot, users receive a Trojan called Fobo that steals sensitive information such as login credentials to Facebook, TikTok, and Google accounts, as well as personal and corporate financial data.
The attackers are targeting users of ChatGPT, a chatbot based on artificial intelligence, which in the past few months has attracted the attention of tech enthusiasts, creators and more. Scammers create groups on social networks that convincingly mimic the official accounts of the ChatGPT producer OpenAI, or appear to be communities of users interested in the bot.
These scam groups publish official-looking posts that contain news about the service and promote malware that impersonates the desktop version of ChatGPT.
Social Media Post Offering ChatGPT Demo Account
Once users click on the post, they are directed to a well-designed website that looks almost identical to the official ChatGPT website and asks them to download the so-called ChatGPT version for Windows. But this version is actually just an archive with an executable file. The installation process starts, but suddenly stops with an error message stating that the program could not be installed, so the user simply assumes that the program was not downloaded or installed and forgets about it.

Fake ChatGPT webpage offering to download a desktop version of the chatbot
The installation of the Trojan actually completes on the user's machine without the user's knowledge, and this Trojan then installs another, stealer Trojan, Trojan-PSW.Win64.Fobo, on the device. This Trojan is designed to steal information about accounts saved in various browsers, including Chrome, Edge, Firefox, Brave, and others. Attackers are particularly keen on stealing cookies and login credentials from Facebook, TikTok and Google accounts, especially those related to organizations. The Trojan steals this data and tries to obtain additional information such as the amounts of money organizations spend on advertising and the current balances of accounts.
Kaspersky experts found that attackers target different parts of the world. The fake desktop version of ChatGPT attacked users in Africa, Asia, Europe and America.
For Kaspersky security expert Daria Ivanova, this ChatGPT campaign is a clear example of how criminals use social engineering techniques to exploit users’ trust in popular brands and services. She said: “Users should realize that the official appearance of a service does not mean a guarantee that it is official and real, so they should be careful and follow developments and protect themselves from these types of attacks.”
Find out more about the Fobo Trojan on Kaspersky’s daily blog.
Kaspersky experts also recommend that users take the following measures to protect themselves and learn about new technologies in a safe way:
2023