Pakistan: ‘ChatGPT scam’: 500,000 Facebook accounts at risk of financial fraud; hackers from Pakistan and these countries – Times of India

Recently, there was a report that hackers are using AI-generated videos on YouTube to dupe users. Now a new report suggests that these hackers may have also infiltrated Facebook accounts and pages using the same modus operandi. These compromised accounts and pages are being used to distribute malware through various channels, such as Trello boards, Google Drive, and various individual websites, that are embedded in Facebook ads.
According to the report, these ads are designed in such a way that they appear legitimate, containing all the necessary details to appear convincing to unsuspecting users. The download link is accompanied by a password to lend further credibility to the scam. Furthermore, compromised accounts can also result in the theft of personally identifiable information (PII) and sensitive details such as payment information, etc. Semrush, SMIT, Evoto, and OBS Studio are a few other websites targeted in a similar manner.
The research company says that its investigation has found the presence of 13 Facebook pages/accounts (totaling over 500K followers) that have been compromised and are being used to disseminate the malware via Facebook ads. The oldest instance of such a hijacking dates back to February 13 this year and pertains to a page with over 23,000 followers.
How the ‘ChatGPT’ Scam works
After taking over a Facebook account or page, the hackers modify the profile information to make it appear as if it is an authentic ChatGPT page. This involves using the username “ChatGPT OpenAI” and setting the ChatGPT image as the profile picture. These accounts are then used to run Facebook ads offering links to the “latest version of ChatGPT, GPT- V4” which, when downloaded, deploys a stealer malware into the victim’s device.

The circulated malware is capable of stealing sensitive information from the user’s device, including but not limited to PII, system information, credit card details, etc. The report further adds that the malware also has replication capabilities, which makes it easier to spread across systems through the means of removable media. Additionally, the malware can escalate privileges and has persistent mechanisms that enable it to remain on the system and gain further leverage.
Hackers from Pakistan and other countries
The report claims that despite the original pages catering to diverse nationalities across various countries, a majority of the compromised Facebook accounts were being managed by individuals hailing from Vietnam, the Philippines, Brazil, Pakistan, and Mexico.