The rising popularity of artificial intelligence platforms such as ChatGPT and Google Bard has caught the attention of cybercriminals looking for ways to propagate malware. One such recent attack campaign was found distributing RedLine stealer onto targeted systems.
The infection chain starts with the threat actors purchasing the RedLine stealer from a dark web forum.
- The malware is disguised as free ChatGPT or Google Bard downloads, promoted via fake posts on Facebook.
- Threat actors leverage compromised Facebook business or community accounts to promote these fake posts.
- The posts are designed to appear legitimate and exploit the buzz around large language models such as ChatGPT and Bard to trick users into downloading the files; opening the downloaded file executes the stealer in the final stage.
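The lure described above (an archive or executable named after an AI chatbot, reached from a Facebook link) is simple enough to hunt for in proxy or EDR download telemetry. The following is an added example written for this page, not code from the original report or from any vendor; the event fields, the brand keywords, the file extensions and the constructed sample events are all assumptions chosen to illustrate the heuristic, not indicators from the campaign.

```python
import re
from urllib.parse import urlparse

# Heuristic assumptions (not IOCs): a file name borrowing an AI-chatbot brand,
# an archive/executable extension, and a Facebook referrer together match the
# social-media lure described in the text.
LURE_NAME = re.compile(r"chat[\s_-]*gpt|bard|open[\s_-]*ai", re.IGNORECASE)
PAYLOAD_EXT = {"zip", "rar", "7z", "exe", "msi", "scr", "bat", "js", "lnk"}
SOCIAL_REFERRER = ("facebook.com", "fb.com", "fb.me")

# Constructed sample download events (hypothetical hosts under .invalid).
SAMPLE_EVENTS = [
    {"user": "alice", "referrer": "https://www.facebook.com/groups/ai-tools/posts/1",
     "url": "https://example-cdn.invalid/ChatGPT_Desktop_Setup.zip"},
    {"user": "bob", "referrer": "https://l.facebook.com/l.php?u=https%3A%2F%2Ffiles.invalid",
     "url": "https://files.invalid/Google-Bard-Free.rar"},
    {"user": "carol", "referrer": "https://www.facebook.com/",
     "url": "https://cdn.invalid/vacation.jpg"},
    {"user": "dave", "referrer": "https://openai.com/",
     "url": "https://openai.com/blog/chatgpt"},
    {"user": "eve", "referrer": "",
     "url": "https://mirror.invalid/chatgpt-installer.exe"},
]


def _host(url):
    """Lower-cased hostname of a URL, or '' when absent."""
    return (urlparse(url).hostname or "").lower()


def _filename(url):
    """Last path component of a URL (the downloaded file name)."""
    return urlparse(url).path.rsplit("/", 1)[-1]


def classify_download(event):
    """Return 'high', 'medium' or 'none' for a single download event.

    high   : chatbot-branded payload file reached from a Facebook referrer
    medium : chatbot-branded payload file from any other (or no) referrer
    none   : name does not look like the lure or type is not a payload
    """
    name = _filename(event["url"])
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    looks_like_lure = bool(LURE_NAME.search(name)) and ext in PAYLOAD_EXT
    if not looks_like_lure:
        return "none"
    ref_host = _host(event.get("referrer", ""))
    from_social = any(ref_host == d or ref_host.endswith("." + d)
                      for d in SOCIAL_REFERRER)
    return "high" if from_social else "medium"


def hunt(events):
    """Return (user, severity, url) for every event that matches the lure."""
    findings = []
    for e in events:
        severity = classify_download(e)
        if severity != "none":
            findings.append((e["user"], severity, e["url"]))
    return findings


if __name__ == "__main__":
    for user, severity, url in hunt(SAMPLE_EVENTS):
        print(f"{severity:6} {user:6} {url}")
```

The brand regex is deliberately loose (no word boundaries, so `ChatGPT_Desktop` still matches) and will also hit benign names such as `lombard.zip`; treat a hit as a hunting lead to be confirmed against the referrer and the file's hash, not as a verdict.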