
The growing popularity of ChatGPT and Google Bard has caught the attention of the threat actors leveraging to propagate malware. The recent attack campaign was found distributing RedLine stealer onto targeted systems.
The infection chain begins with hackers purchasing the stealer malware from a dark web forum.The malware disguises as free downloads for ChatGPT or Google Bard files, promoted via fake Facebook feeds. Threat actors leverage compromised Facebook business or community accounts to promote these fake posts.
The feed appears as legitimate and uses the buzz around Open AI language models to trick users into downloading files. This ultimately causes the execution of the malware in the final stage.
Threat actors hijacked dozens of Facebook business accounts in at least 10 countries to infect users with the Redline stealer malware. The highest number of impacted users are in Greece, followed by those in India, the U.S. Mexico, and Bangladesh.
Through taking control of legitimate business pages, attackers can gain the trust of the followers and misguide them to download malware onto their systems.
To reduce the risk of exposure to such threats, users and employees must be educated on the risk of downloading and opening files from unknown sources. Additionally, enabling anti-malware analysis and firewalls and enforcing strict policies to limit the download of executables can prevent attackers from causing further damage.