Meta announced its latest efforts in identifying and preventing malware campaigns that targeted business users. The company's security teams used a range of methods to combat malware, including malware analysis, continuous improvement of detection systems, product updates, community support, and education.
It has also shared threat information with other companies, and has taken legal action against threat actors. These combined efforts limited the lifespan of any single malware strain and increased the cost for malicious groups, which forced them to invest more resources in constantly adapting their tactics.
As it had observed many malware campaigns hosted outside of social media, Meta encouraged people to exercise caution when downloading software or files from the internet. The company also shared additional security tips in their newsroom.
Before discussing NodeStealer, a new malware family it had recently discovered, Meta shared the latest trends it had observed in the malware threat landscape. Its research showed that many malware campaigns used custom-built tooling to target business users on particular internet services.
Malicious groups had become very adaptive to disruptions and were spreading across multiple internet services to ensure a complex, multi-pronged malware campaign could withstand takedowns by any one service.
Meta illustrated this point with an example of a long-running malware family called Ducktail, which had been evolving for several years in response to enforcement by Meta and industry peers. Ducktail targeted multiple platforms across the internet, including LinkedIn, various browsers, and file-hosting services. It had adapted to the company's continued detection and mitigation efforts, for example by granting business admin permissions in response to ad-related action requests sent by attackers.
Similarly, malware operators used popular trends and issues to attract people's attention and trick them into clicking on malicious links or downloading malware. The company investigated and took action against several malware strains that took advantage of people's interest in OpenAI's ChatGPT to trick them into installing malware pretending to provide AI functionality. It also discovered around ten malware families using ChatGPT and similar themes to compromise accounts across the internet.
Malware operators used cloaking to circumvent automated ad review systems and leveraged popular platforms such as social media, file-sharing services, and even official web stores to distribute their malware. Meta blocked over 1,000 unique ChatGPT-themed malicious URLs from being shared on its platforms and shared them with industry peers. Public reporting and blocking of these malicious strains forced their operators to rapidly evolve tactics to stay afloat.
You can learn more about cybercriminals distributing fake ChatGPT apps to push malware, and about security researchers and white-hat hackers fighting back.