- Group-IB identifies 101,134 stealer-infected devices with saved ChatGPT credentials, with 26,802 in May this year.
- Egypt, Morocco, and Algeria top the list in the Middle East and Africa but India has the highest globally, followed by Pakistan and Brazil.
- Group-IB advises users to update their passwords regularly and implement two-factor authentication.
Cybersecurity intelligence firm Group-IB has found that the Middle East and Africa (MEA) region experienced the second highest concentration of stealer-infected devices with saved ChatGPT credentials being offered for sale on illicit dark web marketplaces over the last year.
Between June 2022 and May 2023, the firm identified 101,134 stealer-infected devices with saved ChatGPT credentials, with 26,802 in May this year.
According to Group-IB’s findings, the Asia-Pacific region has experienced the highest concentration.
MEA had 24,925 stealer-infected devices with saved ChatGPT credentials after Asia-Pacific’s 40,999.
In the region, Egypt, Morocco, Algeria, Turkey, and Kenya topped the list with the highest number of stealer-infected devices that had saved ChatGPT credentials.
Group-IB’s analysis of underground marketplaces revealed that the majority of logs containing ChatGPT accounts have been breached by the infamous Raccoon info stealer. The growing popularity of the AI-powered chatbot is evident in the consistent increase of compromised ChatGPT accounts.
Info stealers are a type of malware that collects credentials saved in browsers, bank card details, crypto wallet information, cookies, browsing history, and other information from browsers installed on infected computers, and then sends all this data to the malware operator.
Is ChatGPT boon or bane?
Stealers can also collect data from instant messengers and emails, along with detailed information about the victim’s device. Stealers work non-selectively. This type of malware infects as many computers as possible through phishing or other means to collect as much data as possible.
Info stealers have emerged as a major source of compromised personal data due to their simplicity and effectiveness. Logs containing compromised information harvested by info stealers are actively traded on dark web marketplaces.
Additional information about logs available on such markets includes the lists of domains found in the log as well as the information about the IP address of the compromised host.
Dmitry Shestakov, Head of Threat Intelligence at Group-IB, said that many enterprises are integrating ChatGPT into their operational flow.
“Employees enter classified correspondences or use the bot to optimise proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials.”
Group-IB’s experts highlight that more and more employees are taking advantage of the chatbot to optimise their work, be it software development or business communications.
By default, ChatGPT stores the history of user queries and AI responses.
Consequently, unauthorised access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees.
Real-time threat intelligence needed
According to Group-IB’s latest findings, ChatGPT accounts have already gained significant popularity within underground communities.
To mitigate the risks associated with compromised ChatGPT accounts, Group-IB advises users to update their passwords regularly and implement two-factor authentication.
By enabling 2FA, users are required to provide an additional verification code, typically sent to their mobile devices, before accessing their ChatGPT accounts.
Having visibility into dark web communities allows organisations to identify if their sensitive data or customer information is being leaked or sold, Shestakov said.
Using real-time threat intelligence, he said that companies can better understand the threat landscape, proactively protect their assets, and make informed decisions to strengthen their overall cybersecurity posture.
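The article notes that dark web listings attach metadata to each stealer log (the domains with saved credentials found in the log and the IP address of the compromised host), and that dark web visibility lets an organisation spot its own exposure. The following added example, which is not Group-IB's code or tooling, shows how a security team might triage such feed records against a watchlist of monitored domains and turn each hit into the remediation the article recommends (password reset plus 2FA). The record fields (`stealer`, `host_ip`, `domains`, `seen`), the watchlist, the corporate IP range and every sample value are constructed assumptions for illustration only.

```python
"""Triage of stealer-log metadata against monitored domains.

Added example (not Group-IB's code or tooling). The records below are
constructed for illustration, modelled on the metadata the article says
dark web markets attach to stealer logs: the list of domains with saved
credentials found in the log and the IP address of the compromised host.
Field names (stealer, host_ip, domains, seen) are assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Constructed sample records, as a SOC might receive them from a threat
# intelligence feed. IPs are documentation ranges; nothing here is real data.
SAMPLE_LOGS = [
    {"stealer": "Raccoon", "host_ip": "203.0.113.10",
     "domains": ["chat.openai.com", "mail.example-corp.com", "news.example.org"],
     "seen": "2023-05-12"},
    {"stealer": "unknown", "host_ip": "198.51.100.7",
     "domains": ["shop.example.net"], "seen": "2023-05-14"},
    {"stealer": "Raccoon", "host_ip": "203.0.113.55",
     "domains": ["chat.openai.com"], "seen": "2023-05-20"},
    {"stealer": "unknown", "host_ip": "192.0.2.200",
     "domains": ["vpn.example-corp.com", "chat.openai.com"], "seen": "2023-05-21"},
]

# Assumed watchlist: the organisation's own SSO/VPN/mail hosts plus the SaaS
# services employees use (here ChatGPT).
MONITORED_DOMAINS = {"chat.openai.com", "mail.example-corp.com", "vpn.example-corp.com"}

# Constructed corporate egress range; a hit from inside it suggests the
# infected machine is a managed or office device rather than a personal one.
CORPORATE_EGRESS = [ip_network("203.0.113.0/24")]


@dataclass
class Finding:
    host_ip: str
    stealer: str
    seen: str
    matched_domains: List[str]
    from_corporate_range: bool
    actions: List[str] = field(default_factory=list)


def in_corporate_range(ip: str) -> bool:
    """True if the compromised host's IP falls inside a corporate egress range."""
    addr = ip_address(ip)
    return any(addr in net for net in CORPORATE_EGRESS)


def triage(logs, monitored=MONITORED_DOMAINS) -> List[Finding]:
    """Return one Finding per log whose domain list intersects the watchlist."""
    findings = []
    for rec in logs:
        matched = sorted(set(rec["domains"]) & monitored)
        if not matched:
            continue
        f = Finding(rec["host_ip"], rec["stealer"], rec["seen"], matched,
                    in_corporate_range(rec["host_ip"]))
        # Remediation follows the article's advice: rotate the password and
        # require 2FA on every matched account. A credential present in a
        # stealer log is treated as compromised whatever the stealer family.
        for d in matched:
            f.actions.append(f"force password reset + enforce 2FA for {d}")
        if f.from_corporate_range:
            f.actions.append("isolate and reimage host (corporate egress range)")
        # Stealers also take cookies, so a password change alone may leave a
        # still-valid session behind.
        f.actions.append("invalidate active sessions")
        findings.append(f)
    return findings


def summarise(findings: List[Finding]) -> Dict[str, int]:
    """Count exposed accounts per monitored domain, for reporting."""
    counts: Dict[str, int] = {}
    for f in findings:
        for d in f.matched_domains:
            counts[d] = counts.get(d, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOGS)
    for f in hits:
        print(f.seen, f.stealer, f.host_ip, f.matched_domains)
        for a in f.actions:
            print("   -", a)
    print(summarise(hits))
```

On the constructed feed, three of the four records match the watchlist; the record that only lists an unrelated shopping site is ignored, and the two hits from the corporate range additionally get a host-isolation action. In practice the watchlist would be driven from the organisation's identity provider and the feed records would carry whatever schema the intelligence vendor actually provides.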