CyberSecurity SEE

100K+ Infected Devices Expose ChatGPT Accounts on the Dark Web

At least 100,000 devices have fallen victim to various infostealer malware families in the past year, resulting in the leakage of ChatGPT credentials to the Dark Web. Infostealers are malicious programs designed to collect sensitive information from target machines, including browser histories, cookies, and documents. Hackers often profit from this data by either using it themselves or selling it on the Dark Web. Cybersecurity firm Group-IB has been monitoring the sale of these credentials and found a staggering total of 101,134 ChatGPT accounts exposed between June 2022 and last month.

The primary culprit behind these leaks is a well-known and notorious tool called Raccoon. Initially discovered in 2019, Raccoon is a Russian-designed infostealer that temporarily shut down last year following its creator’s death. However, it resurfaced after three months with new and improved capabilities. Since then, Raccoon has been responsible for leaking ChatGPT credentials from around 78,348 devices. In addition to Raccoon, researchers also identified 12,984 GPT-laden logs attributed to Vidar and 6,773 to Redline.

Analyzing the sample, the researchers found that fewer than 5,000 infected devices could be traced back to North America. The majority of affected devices were located in the Asia-Pacific region, with India (12,632) and Pakistan (9,217) being the top contributors. Other countries with a significant number of exposed ChatGPT credentials included Brazil (6,531), Vietnam (4,771), and Egypt (4,558).

The trendline of compromised ChatGPT accounts is alarming. In December, the researchers initially tracked 2,766 Dark Web stealer logs containing compromised accounts. This number soared to over 11,000 the following month and doubled within two months. By May, the figure had risen to a staggering 26,802.

Despite the focus on ChatGPT credentials, experts argue that infostealers are just the tip of the iceberg. Mike Parkin, senior technical engineer at Vulcan Cyber, explains that infostealers are not as outwardly destructive as ransomware, making them harder to detect. Due to their stealthy nature, organizations often realize their sensitive data has been stolen only after it’s too late.

Infostealers can gather a wide range of data, including application and web credentials, personal information, stored files, and system configurations. This means that infected systems can expose companies to significant risks, including the loss of intellectual property and sensitive financial information. As long as infostealers remain prevalent, the leakage of ChatGPT credentials will be the least of anyone’s concerns.

The real question raised by Parkin is the extent of the data being leaked by these types of malware. Infostealers operate silently, making it difficult for organizations to detect their presence and mitigate the risks they pose. It is crucial for businesses to enhance their cybersecurity measures, including robust detection systems and regular security assessments, to safeguard their sensitive data from these stealthy threats.
