CloudSEK's investigation uncovered 13 compromised Facebook pages and accounts with a combined following of over 500,000. The oldest observed hijacking dates back to February 13 and involves a page with over 23,000 followers. Researchers also observed the actors targeting newly created accounts, some of which were as young as 0 days old.

Cybercriminals are exploiting the popularity of ChatGPT to spread malware through hijacked Facebook accounts, cyber intelligence firm CloudSEK said on Monday.

CloudSEK in its investigation discovered that previously compromised data, phishing techniques, and stealer logs are being used to infiltrate existing Facebook accounts and pages.

Once compromised, the accounts and pages are used to distribute malware through various channels, including Trello boards, Google Drive, and individual websites promoted in Facebook ads. The ads are designed to appear legitimate and include a password to lend the scam credibility, along with all the details needed to convince unsuspecting users.

Infection chain - compromised Facebook accounts spreading malware (Image: CloudSEK)

Running Facebook ads via compromised Facebook accounts (Image: CloudSEK)

The report also highlights the repeated use of a single video to attract and engage audiences across most of the compromised accounts. This pattern suggests the campaign is most likely the work of one distinct threat group or individual.

"The malicious malware is not only capable of stealing sensitive information such as PII, system information, and credit card details from the user's device, but also has replication capabilities to spread across systems through removable media. With the ability to escalate privileges and persistently remain on the system, it poses a significant threat," said Bablu Kumar, Cyber Intelligence Analyst, CloudSEK.

The report provides details of the threat actors and the Trello cards used by them to disseminate malware. CloudSEK's findings highlight the need for individuals and organisations to remain vigilant and take proactive measures to protect their systems and networks.