Security researchers say that info stealer malware remains a dangerous online threat and is now collecting ChatGPT login credentials.
A new study published by Group-IB on Tuesday found 101,134 info stealer-infected devices containing saved ChatGPT usernames and passwords available on the dark net marketplaces.
This data was collected between June 2022 and May 2023, with the last month of the study seeing a peak of 26,802 compromised ChatGPT accounts.
Asia-Pacific Most Affected, USA Not Immune
Group-IB researchers discovered info stealer logs of these credentials being traded on dark web marketplaces over the last year. Countries in the Asia-Pacific region account for the largest share of compromised devices at 40.5%.
India and Pakistan topped the list of most-affected countries, with 12,632 and 9,217 compromised devices, respectively.
Brazil, Vietnam, Egypt, the United States, France, Morocco, Indonesia, and Bangladesh are among the other countries that have the highest number of compromised ChatGPT credentials.
By comparison, the researchers found 2,995 compromised systems based in the United States. However, this data signals a potentially huge cybersecurity and privacy concern. ChatGPT maintains logs of user conversations by default. Many organizations around the world are also adding the AI tool to their company networks.
“Many enterprises are integrating ChatGPT into their operational flow,” said Dmitry Shestakov, Group-IB’s Head of Threat Intelligence.
“Employees enter classified correspondences or use the bot to optimize proprietary code. Given that ChatGPT’s standard configuration retains all conversations, this could inadvertently offer a trove of sensitive intelligence to threat actors if they obtain account credentials,” he added.
What is an Info Stealer? How Do They Steal ChatGPT Logins?
Info stealers are a type of malware that collect information from browsers of infected devices. Other than login credentials, the malware typically targets sensitive information like bank card data, crypto wallet addresses, browsing data, and cookies.
Attackers use techniques and tools such as keyloggers, malicious web forms and plug-ins, and browser hijacking to obtain information logs.
“This type of malware infects as many computers as possible through phishing or other means in order to collect as much data as possible. Info stealers have emerged as a major source of compromised personal data due to their simplicity and effectiveness,” Group-IB writes.
The researchers said that Racoon malware was behind most of the logs, over 78,000, containing ChatGPT information. Vidar followed with nearly 13,000 logs, and RedLine with about 6,700.
Last year, a NordVPN study also named the Racoon malware as one of the leading contributors to dark web bot markets.
Group-IB advises users to regularly update passwords and rely on two-factor authentication to access their accounts. Additionally, it is necessary to secure your browsing activity and remain protected from malicious files online.
We’ve reviewed NordVPN extensively, and in addition to encrypting your internet traffic and anonymizing your location, this VPN offers Threat Protection which blocks malware-ridden websites and prevents web tracking. Threat Protection also scans files for any signs of unwanted or infected files before you install them onto your device.
How to Access ChatGPT Safely From Anywhere
Considering the growing popularity and importance of ChatGPT in professional spheres, it is likely that malicious actors will increasingly target user credentials.
We can reiterate recommendations from Group IB, such as regularly changing passwords, enabling multi-factor authentication, using strong antivirus and threat protection, and encrypting your traffic with a VPN. These are all time-tested ways of keeping your account safe.
Apart from ensuring a secure connection, using a VPN can help you unblock ChatGPT in case you do not have access to the service in your country. You can re-route your internet traffic through a country like the U.K. or the United States and access the helpful AI tool in seconds.
Want to learn more? Head over to our guide on how to access ChatGPT in blocked countries.
