Meta Malware impersonating ChatGPT is increasing and has blocked many links

News on May 4th: On Wednesday, local time in the United States, social media giant Meta issued a warning that malware attackers are increasingly inclined to spread software to multiple platforms, or to harm a single technology. It’s harder for companies to detect their malicious activity. However, the company said it believes this shift in strategy is just a sign that industry efforts to combat malware attacks are working, and it is promising more resources and protections for business users with the goal of further raising the bar for attackers to launch attacks.

On Facebook, Meta now adds new controls for business accounts to manage, audit, and limit who can become an account administrator, who can add additional administrators, and who can perform sensitive actions such as Access credit limit. The goal is to make it harder for attackers to use some of their most common tactics. For example, a malicious actor could take over the accounts of an individual who is employed by or otherwise connected to the target company, and then could add the compromised account as an administrator on the business page.

In addition, Meta will launch a step-by-step guide tool to help enterprises mark and remove malware on their corporate devices and recommend the use of third-party malware scanners. The company said it has seen a pattern in which users' Facebook accounts are compromised, the owner regains control, and then the account is compromised again because the target's device is still infected with the malware or has been reinfected.

Meta security policy director Nathaniel Gleicher said: "This is an ecosystem-level challenge, and adversaries are very adaptable. What we are seeing is that adversaries are really adaptable. efforts, but the defenders are equally organized. We are not just targeting individual malicious actors, but we are employing many different tactics to counter them and make their attacks more difficult to succeed."

Attackers span multiple There are many benefits to a platform distributing malware. They can post ads on social networks such as Facebook. These ads do not directly contain malicious content, but link to fake creator pages or other profiles. On these sites, an attacker can post a special password and link it to a file-sharing service like Dropbox or Mega. They can then upload the malicious files to the hosting platform and encrypt them using the previously mentioned password to make them harder for companies to scan and flag. In this way, victims are led through a series of legitimate-looking services, eventually falling into a trap. And no website can fully understand all the steps of an attack.

In recent months, public interest in generative AI chatbots such as ChatGPT and Bard has grown. Meta said the attackers have incorporated this topic into their malvertising, claiming to provide access to these and other generative AI tools.

Meta said that since March 2023, the company has blocked more than 1,000 malicious links used for generative artificial intelligence theme bait and banned them from being shared on Facebook or other Meta platforms, and The URL was shared with other technology companies. Additionally, Meta reported multiple browser extensions and mobile applications associated with these malicious activities.

Meta said that more and more attackers are using the known malware Ducktail technology to try to contact more victims and take over Facebook business accounts to spread more malicious ads. Meta blamed the Ducktail attack on attackers in Vietnam and issued cease-and-desist letters to specific individuals and reported the activity to law enforcement.

In late January this year, Meta also discovered a new type of malware, NodeStealer, which mainly targets Windows browsers. It can record the victim's username and password, steal cookies, and use this data to invade Facebook accounts, Gmail account and Outlook account. Meta also blamed the attack on Vietnamese attackers and quickly submitted removal requests to hosting providers, domain name registrars and other partners. The company said the measures appear to have been effective and it has not detected new NodeStealer samples since February 27. "Adversaries expect us to work in silos across companies, unable to follow them from one platform to another," said Nathaniel Gleicher, director of security policy at Meta. ." He added that in order to make it more difficult for attackers to launch attacks, Meta also engages in public disclosure and information sharing with other companies and law enforcement agencies, in addition to adding new features for users, expanding automatic detection capabilities and taking direct action against attackers.

“The more platforms that need to be coordinated, the more complex the defense becomes,” Gletcher said. “But the more dispersed an adversary’s operations are, the more they have to make all these different platforms work together, and the greater the number of victims. Come less and less. The more we force them to disperse their attacks, the higher the price the opponent will pay."

The above is the detailed content of Meta Malware impersonating ChatGPT is increasing and has blocked many links. For more information, please follow other related articles on the PHP Chinese website!