Infostealer malware has wreaked havoc on the security of ChatGPT, with over 101,000 user accounts falling victim to data theft in the past year alone. According to data from dark web marketplaces, cyber intelligence firm Group-IB uncovered a hundred thousand info-stealer logs on underground websites containing compromised ChatGPT accounts. The peak of this cyber attack was observed in May 2023, when threat actors posted 26,800 new ChatGPT credential pairs.
Asia-Pacific, Europe, and North America Most Affected by Infostealers
Between June 2022 and May 2023, the Asia-Pacific region suffered the most significant blow, with approximately 41,000 compromised ChatGPT accounts. Europe was the second most targeted region, with nearly 17,000 compromised accounts. Surprisingly, North America ranked fifth, with 4,700 affected accounts.
Infostealers: Targeting Valuable Credentials
Information stealers are a specific category of malware targeting account data stored within various applications. These malicious programs focus on extracting valuable information from email clients, web browsers, instant messengers, gaming services, cryptocurrency wallets, and more. In the case of ChatGPT, these malware variants extract stored credentials from web browsers’ SQLite databases. They exploit the CryptProtectData function to reverse the encryption of the stored secrets.
Once the information stealers have successfully collected the credentials and other valuable data, they package them into archives known as logs. These logs are then returned to the attackers’ servers for further exploitation.
The Significance of ChatGPT Accounts
ChatGPT accounts hold considerable importance due to their association with various types of valuable data. Apart from email accounts, credit card information, and cryptocurrency wallet details, these compromised accounts grant unauthorized access to AI-powered tools that have gained prominence among users and businesses. Because ChatGPT allows users to store conversations, accessing an account potentially provides threat actors with insights into proprietary information, internal business strategies, personal communications, and even software code.
Group-IB’s Dmitry Shestakov remarks, “Many enterprises are integrating ChatGPT into their operational flow. Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.”
Impact on Companies and Prevention Measures
Concerns regarding the security of ChatGPT have prompted tech giants like Samsung to implement strict policies banning employees from using the tool on work computers. Failure to comply with these policies may result in employment termination. These measures reflect the potential risks associated with unauthorized access to sensitive information.
Group-IB’s data reveals a concerning trend, indicating a steady increase in stolen ChatGPT logs. The primary sources of these breaches are Raccoon Stealer, accounting for nearly 80% of all logs, followed by Vidar at 13%, and Redline at 7%.
Protecting Sensitive Data on ChatGPT
Users are advised to take precautions when inputting sensitive information into ChatGPT to guard against infostealers. Two recommended steps are disabling the chat-saving feature within the platform’s settings menu or manually deleting conversations after usage. However, it is important to note that some information stealers capture screenshots or engage in keylogging, potentially compromising data security. Therefore, even if conversations are not saved within the ChatGPT account, malware infections can still lead to data leaks.
Furthermore, it is worth mentioning that ChatGPT has already experienced a data breach in which users could view other users’ personal information and chat queries. Consequently, individuals dealing with highly sensitive information should exercise caution and rely on locally-built and self-hosted tools that provide enhanced security measures rather than trusting cloud-based services.
Infostealer Malware – Recap
The widespread theft of ChatGPT accounts by infostealer malware has raised significant concerns regarding data security. Users and businesses must remain vigilant and adopt preventive measures to mitigate risks associated with information stealers.