Generative Artificial Intelligence (GenAI) – The Cybercriminal’s New Weapon?

Few technologies have had as significant an impact in recent years as Generative AI (GenAI). However, as with all advancements, disruptive technology like GenAI also attracts unwelcome attention from cybercriminals looking for new strategies for their illicit activities. Particular focus has been given to the misuse of advanced technologies like ChatGPT to assist fraudsters in crafting more convincing phishing messages, producing malicious code, or probing for weaknesses in security systems.

Less discussed, however, is how cybercriminals use GenAI tools themselves as decoys, convenient hiding places for malware. We have seen instances of this trick in which users were urged to try what appeared to be a legitimate AI tool, only to discover that it was a malicious impostor in disguise.

Since such techniques show no sign of losing momentum, it is crucial to become familiar with these threats, recognize the red flags, and protect our digital identities and personal resources from falling prey to them.

Unveiling Cybercriminals’ Modus Operandi

Clever in their methods, cybercriminals employ several devious strategies to persuade unwitting users into installing their malware-laden GenAI applications:

Phishing Sites

Throughout the second half of 2023, over 650,000 attempts to access malicious domains with names similar to “chapgpt” were recorded. Victims typically stumbled onto these traps through links on social media or links received via email and text messages. Such phishing pages sometimes also host links to download malware disguised as GenAI software.

Browser Extensions

Reports from 2024 described users being tricked into installing a malicious browser extension after Facebook ads promised access to OpenAI’s Sora or Google’s Gemini. The extension was in fact the notorious infostealer “Rilide Stealer V4”, designed to steal users’ Facebook credentials.

“Rilide Stealer masquerading as a Chrome browser extension”

In the year from August 2023, over 4,000 attempts by users to install the hazardous extension were recorded. Other malicious extensions claim to deliver GenAI functionality while simultaneously carrying malware.

Fake Apps

Reports surfaced of fake GenAI apps featured prominently on mobile app stores and riddled with malware. Some contain software designed to steal confidential information from the user’s device, including login credentials, identity details, financial information, and more. Others flood the user with ads, demand in-app purchases, or charge subscriptions for services that are nonexistent or, at best, of extremely poor quality.

“This fake ChatGPT web app sends OpenAI API keys to its own server”

Misleading Ad Campaigns

Miscreants capitalize on the global interest in GenAI tools by luring victims into clicking on harmful ads, with Facebook a particularly popular platform for this. After clicking, users are redirected to download what is presented as the latest version of an enticing GenAI tool, only to unknowingly download infostealer malware.

Splash screen displayed by Vidar Infostealer installer, impersonating Midjourney

The primary danger of downloading a counterfeit GenAI app onto your device, or visiting a counterfeit GenAI website, is that the resulting malware installation leads to the theft of vital information. Such infostealers target your online account credentials, stored credit card data, session cookies (used to get around multifactor authentication), assets held in crypto wallets, data exchanged over instant messaging apps, and more. Other risks to the victim include attackers gaining full remote control of the device, identity fraud, credit lines opened without authorization, and drained bank accounts or crypto assets.

Avoiding GenAI Lures: Dos and Don’ts

* Only install apps from authorized app stores: Stick to Google Play or the Apple App Store for app downloads, as they boast thorough vetting processes and consistent monitoring to weed out harmful apps.
* Ensure legitimacy before clicking on digital ads: Directly search for the app in the official app store instead of clicking on ads to make sure you download the legitimate version.
* Enable multi-factor authentication (MFA) for online accounts: MFA introduces an extra layer of security to your online accounts by requiring multiple levels of verification.
* Use comprehensive security software from trustworthy vendors: Install dependable security software on your devices to provide real-time protection against malware, phishing attempts, and other threats.
* Patiently wait for official releases: Verify the availability of a new version of a GenAI tool through official channels before downloading it. Check the official website or reliable news sources to confirm the release.

GenAI is a remarkable technological feat driving rapid transformation around us. But, as with any new technology, it is crucial to stay informed of the threats that accompany it. Stay smart, stay safe, and keep your digital life secure.
