Check Point Research (CPR) has warned of an increase in transactions of stolen ChatGPT premium accounts, allowing cybercriminals to bypass OpenAI’s geofencing restrictions and gain unlimited access to ChatGPT.
The account takeover (ATO) market, the theft of accounts for different online services, is one of the most thriving markets in the hacking underground and dark web. Traditionally, this market has focused on stolen financial services accounts (banks, online payment systems, etc.), social media, online dating sites, email, and more.
Sergey Shykevich, Threat Intelligence Group Manager, CPR, said: “Artificial intelligence is a powerful tool. At Check Point Software, we use AI in ThreatCloud to detect and stop cyberattacks in real time. Unfortunately, cybercriminals are also early adopters of AI. Since December, CPR has warned that ChatGPT also has cybersecurity implications. Now, we are also seeing a growing market for stolen ChatGPT premium accounts on the dark web – with potentially significant implications for personal and corporate privacy.”
Focus on premium accounts
Since March 2023, CPR has seen an increase in discussions and transactions regarding stolen ChatGPT accounts, with a focus on premium accounts:
* Disclosure and free release of credentials to ChatGPT accounts
* Stolen premium ChatGPT account transactions
* Brute Force and Checker Tools for ChatGPT – Tools that allow cybercriminals to break into ChatGPT accounts by running through massive lists of email addresses and passwords, trying to guess the right combination to access an existing account.
* ChatGPT Account as a Service – Offers a dedicated service to open a ChatGPT Premium Account, most likely using a stolen payment card.
Why is the ChatGPT account theft market on the rise, and what are the main concerns?
ChatGPT imposes geofence restrictions on access to its platform from certain countries, including Russia, China, and Iran. Recently CPR has highlighted that exploiting the ChatGPT API allows cybercriminals to bypass different restrictions, as well as use ChatGPT’s advanced accounts.
Stolen ChatGPT account
All this leads to an increasing demand for stolen ChatGPT accounts, especially paid premium accounts. In the darknet underground, cybercriminals are always ready to capitalize on such business opportunities.
Meanwhile, ChatGPT privacy concerns have been debated over the past few weeks, with Italy banning ChatGPT and Germany considering a ban. We highlight another potential privacy risk of the platform: ChatGPT accounts store the account owner’s most recent queries.
So when cybercriminals steal an existing account, they gain access to the original account owner’s queries. These can include personal information, details about company products and processes, etc.
ChatGPT Stolen Account Transactions
Cybercriminals often take advantage of the fact that users reuse the same passwords across multiple platforms. Using this knowledge, malicious actors load combined sets of emails and passwords into specialized software (also known as account checkers) and execute attacks against specific online platforms to identify sets of credentials that match platform logins.
An account takeover occurs when a malicious actor takes control of an account without the authorization of the account holder.
Over the past month, CPR has observed an increase in discussions in underground forums related to leaking or selling compromised ChatGPT premium accounts:
Most stolen accounts are sold, but some attackers also share stolen ChatGPT premium accounts for free to advertise their own services or account-stealing tools. In the following example, a cybercriminal shared four stolen advanced ChatGPT accounts. The way these accounts were shared, and their structure, led CPR to conclude that the accounts were stolen using a ChatGPT account checker.
Tools to Hack ChatGPT Accounts
SilverBullet is a web testing suite that allows users to execute requests against target web applications. It provides many tools to work with the results. The software can be used for scraping and parsing data, automated pen testing, unit testing via Selenium, and more.
This tool is also often used by cybercriminals to perform credential stuffing and account checking attacks on different websites to steal accounts from online platforms.
Since SilverBullet is a configurable suite, performing a checking or brute force attack on a website requires a “configuration” file that tunes the process for that particular website and allows cybercriminals to steal accounts for that website in an automated fashion.
In one specific case, CPR discovered that cybercriminals provided SilverBullet with a configuration file that allowed for a set of credentials to be checked for the OpenAI platform in an automated fashion. This allows them to steal accounts on a massive scale.
The process is fully automated and can initiate between 50 and 200 checks per minute (CPM). In addition, it supports proxy implementation, which in many cases allows it to bypass different protections against such attacks on websites.
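From the defender's side, the checker behaviour described above can be seen in authentication logs. The following is an added example, not code from CPR or from any tool named in the article; the log format, thresholds and function names are assumptions, and the events are constructed. It shows a per-IP rule missing proxy-rotated traffic while a site-wide per-minute rule catches it.

```python
from collections import defaultdict

def build_sample():
    """Constructed login events: (ISO timestamp, source IP, username, success)."""
    events = []
    # Checker run: 60 attempts in one minute, rotated over 20 proxy IPs.
    for i in range(60):
        events.append((f"2023-04-01T10:00:{i:02d}", f"203.0.113.{i % 20 + 1}",
                       f"user{i}@example.com", i == 41))  # one reused password hits
    # Ordinary users.
    events += [("2023-04-01T10:00:05", "198.51.100.7", "alice@example.com", True),
               ("2023-04-01T10:01:10", "198.51.100.8", "bob@example.com", False),
               ("2023-04-01T10:01:20", "198.51.100.8", "bob@example.com", True)]
    return events

def per_ip_alerts(events, max_users=5):
    """Classic rule: one IP trying many usernames within a minute."""
    seen = defaultdict(set)
    for ts, ip, user, _ in events:
        seen[(ts[:16], ip)].add(user)  # ts[:16] is the minute bucket
    return sorted({ip for (_, ip), users in seen.items() if len(users) > max_users})

def stuffing_minutes(events, min_failures=50, min_user_ratio=0.8):
    """Site-wide rule: many failures in a minute, almost all on different accounts.
    min_failures=50 is an assumed threshold taken from the low end of the CPM range."""
    failed = defaultdict(list)
    for ts, _, user, ok in events:
        if not ok:
            failed[ts[:16]].append(user)
    return sorted(m for m, users in failed.items()
                  if len(users) >= min_failures
                  and len(set(users)) / len(users) >= min_user_ratio)

def accounts_to_reset(events, minutes):
    """Successful logins from IPs that also produced failures in a flagged minute."""
    bad_ips = {(ts[:16], ip) for ts, ip, _, ok in events
               if not ok and ts[:16] in minutes}
    return sorted({user for ts, ip, user, ok in events
                   if ok and (ts[:16], ip) in bad_ips})

if __name__ == "__main__":
    ev = build_sample()
    flagged = stuffing_minutes(ev)
    print("per-IP alerts:", per_ip_alerts(ev))
    print("flagged minutes:", flagged)
    print("accounts to reset:", accounts_to_reset(ev, flagged))
```

Accounts returned by the last function logged in successfully in the middle of a checker run and should be treated as taken over: reset the password and invalidate existing sessions.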
Another cybercriminal who only focuses on abusing and defrauding the ChatGPT product even named himself “gpt4”. In his post, he not only sells ChatGPT accounts, but also the configuration of another automated tool that checks the validity of credentials.
ChatGPT Plus lifetime upgrade service
On March 20, an English-speaking cybercriminal started advertising the ChatGPT Plus lifetime account service with 100% satisfaction guaranteed.
A lifetime upgrade of a regular ChatGPT Plus account (opened via an email address provided by the buyer) costs $59.99 (OpenAI’s legitimate price for the service is $20 per month). However, to keep costs down, the underground service also offers an option to share access to a ChatGPT account with another cybercriminal for $24.99 for lifetime use.
Many underground users have already left positive feedback on the service and vouch for it.
As in other illegal cases, when a threat actor offers certain services at significantly lower prices than the original legitimate service (for another example, see our blog on underground travel ticketing services), we assess that the upgrade payments are made using previously compromised payment cards.
— trade arab news agency