
Meta fights back malware strains and ChatGPT-themed scams



Social media giant Meta has warned that threat actors are changing tactics and spreading their activity across platforms to make detection more difficult for individual tech companies. However, the company sees this as a sign that industry regulations and frequent crackdowns on hackers are working, forcing them to try new things.

In its May 3 report, the company highlights two known malware strains — Ducktail and Nodestealer. The former is used in attempts to infect a number of victims to take over Facebook business accounts and spread malicious ads. Ducktail’s activity has been attributed to threat actors in Vietnam, with the company issuing cease-and-desist letters to the responsible individuals in addition to notifying law enforcement. 

Nodestealer often disguises malware as PDF or XLSX files. | Source: Meta

As for Nodestealer, the malware targets Windows browsers to steal victims’ usernames, passwords and cookies, then uses that data to compromise their Facebook, Gmail and Outlook accounts. The campaign was discovered in late January 2023 and has also been attributed to Vietnamese threat actors. Meta has begun submitting takedown requests to hosting providers, domain registrars and other service providers that the threat actors were using. These actions seem to have had quite an effect, considering the company hasn’t seen any new Nodestealer samples since February 27.

Another major point of concern was threat actors abusing the public’s interest in generative AI technologies like ChatGPT, Bing Chat and Google’s Bard to lure unsuspecting victims under the pretext of providing access to these technologies. Since March 2023, the company has blocked over 1,000 malicious links used in similar campaigns so that they can’t be shared on Meta platforms. It has also shared these URLs with other tech companies, in addition to reporting multiple malicious browser extensions and mobile apps. 

A fake ChatGPT website offering ChatGPT ‘downloads’ as a way to spread malware. | Source: Meta

With the goal of making it even more difficult for threat actors to carry out attacks using their most common tactics, Facebook now has additional controls for business accounts that help manage, verify and limit who can become an account administrator and perform sensitive actions. Meta is also launching a step-by-step guide for businesses to help flag and remove malware from enterprise devices, including suggesting third-party malware scanners. 

But that’s not all. In addition to providing more tools for users to protect themselves, Meta is also ramping up automated defences. The company is using public disclosure and information sharing with other tech companies as well as law enforcement to keep threat actors on their toes and make attacks more difficult to carry out.


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018.