Cyber SafetyDevice & IoTPress ReleaseThreat Detection & Defense

Discover Over 100 Daily Detections of Malicious URLs Related to ChatGPT with Advanced URL Filtering System

Palo Alto Networks, the global cybersecurity leader, recently released research from its threat intelligence team, Unit 42 on how the increasing popularity of generative AI has led to a surge in scams themed around ChatGPT. The study sheds light on the diverse tactics employed by scammers to scam users into sharing confidential information or installing malicious software. The research also provides concrete instances and case studies to demonstrate these methods.
 
Unit 42 looked at several phishing URLs that pretended to be the official OpenAI website. The scammers behind such schemes typically create counterfeit websites that closely resemble the official ChatGPT website, with the intention of tricking users into downloading malicious software or disclosing private, confidential information. Even though OpenAI offers a free version of ChatGPT, scammers often mislead their victims into visiting fraudulent websites and paying for these services.
 
Key findings from the report include: 

  • The AI ChatGPT extension can add a background script to the victims’ browser that contains a highly obfuscated JavaScript. This Javascript calls the Facebook API to steal a victim’s account details, and it might get further access to their account.
  • Between November 2022-April 2023, Unit 42 observed an increase of 910% in monthly registrations for domains related to ChatGPT
  • There were more than 100 daily detections of ChatGPT-related malicious URLs captured from traffic seen in the Palo Alto Networks Advanced URL Filtering system.
  • In the same timeframe, the team observed nearly 18,000% growth of squatting domains from DNS security logs.
  • Unit 42 observed multiple phishing URLs attempting to impersonate official OpenAI sites. Typically, scammers create a fake website that closely mimics the appearance of the ChatGPT official website, then trick users into downloading malware or sharing sensitive information.
  • Despite OpenAI giving users a free version of ChatGPT, scammers lead victims to fraudulent websites, claiming they need to pay for these services.

 
For more information, you can check out the complete blog here. Please do reach out to me if you have any questions, and I can put you in touch with an expert at Palo Alto Networks. 

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *