New research discovered over 101,000 stolen ChatGPT accounts for sale on dark web markets over the past year, with threat actors using various information-stealing malware to take user credentials.
Global cybersecurity company Group-IB reports finding 101,124 ChatGPT login credentials in info-stealing malware logs on dark web marketplaces, with compromised accounts reaching 26,802 in May 2023 alone.
Researchers note a significant increase in ChatGPT accounts targeted in underground forums. Inforstealer malware Raccoon has compromised a majority of accounts (78,348), with logs containing credentials also coming from Vidar (12,984) and Redline (6,773).
The info-stealing malware has affected users worldwide, with Asia-Pacific seeing 40,999 compromised accounts, 24,925 in the Middle East and Africa, 16,951 in Europe, 12,314 in Latin America and 4,737 in North America.
The AI chatbot has grown in popularity due to its many features to help users and businesses compose written content such as emails, articles, social media posts and code. Each ChatGPT account stores each conversation, including user input and AI responses, which threat actors can exploit if an account has been compromised.
Stolen user accounts risk having personal conversations, sensitive business information, or confidential software code leaked in targeted attacks if attackers obtain these ChatGPT credentials.
“Many enterprises are integrating ChatGPT into their operational flow,” says Dmitry Shestakov, Head of Threat Intelligence at Group-IB. “Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.”
Due to the rise in stolen ChatGPT accounts, it is recommended to turn on two-factor authentication (passkeys are an upcoming form of protection, too) and update passwords to stop attackers from gaining access to compromised accounts.
What is infostealer malware?
Information-stealing malware is a type of malware that gathers information on an infected device to send to a threat actor. It targets login credentials saved in browsers, browsing history, credit card and crypto wallet information, location data, device information, emails, social media platforms and instant messaging clients such as Discord or Telegram.
Stolen data is collected in logs and sent to the attacker. This information can be used to access user accounts or find out personal details about a user and is often put up for sale on dark web markets.
Infostealers can use keylogging to record what a user types on a device, web injection scripts that add fields on forms to sneakily send information to the attacker and cookies to steal saved passwords.
Like most malware, like spyware or Trojans, infostealers are distributed through phishing emails, fake websites, dodgy ads on web pages and more. Because they can be hard to detect, it’s a good idea to set up the proper protection on your device.
Use antivirus software to protect your device
The best antivirus software can help detect and protect you from all types of malware, including infostealers.
Many AV come with a suite of security features that can get rid of virus, malware, ransomware, spyware or any malicious software that burrows into your device or web browser. Some antivirus software, such as Bitdefender, offers security subscriptions specifically for devices such as a PC, iPhone or Android, making it a more cost-effective option.
- Norton 360 Platinum review: Security multiplied
- Bitdefender review: All-in-one premium security
- Avast One review: Strong antivirus for free!
Perform a safety check
1. On Google Chrome, click on the three vertical dots in the upper-right corner and select Settings.
2. Select Privacy and security in the right-hand toolbar.
3. Under Safety check, click Check now (or the arrow to perform it again).
If Chrome finds any issues, you’ll be able to tap on the option and follow the instructions to see how to handle the it. For those who don’t want to give malware hiding on web pages any chances, you can also turn on Advanced protection.
1. In Privacy and security, click on Safe Browsing under Safety Check (or Security under Privacy and security).
2. Select Enhanced protection to turn it on.