MetAI Assistant Adware

During an investigation of fraudulent websites, infosec researchers uncovered a Web page that was promoting an installer containing the MetAI assistant browser extension. The extension is advertised as a tool that allows users to access 'OpenAI' - most probably referring to ChatGPT, the chatbot developed by OpenAI - on the Facebook social networking platform. The popularity of ChatGPT has attracted the attention of unscrupulous cybercriminals and scammers and they have started to use it as a lure to trick unsuspecting users.

However, further analysis of the extension revealed that it functions as adware, displaying advertisements on the user's screen and collecting sensitive information without the user's knowledge or consent. This type of behavior can pose a significant threat to the user's privacy and security and should be treated with caution.

Adware Like the MetAI Assistant may be Extremely Invasive

Adware is software that is designed to support advertising, typically by displaying ads on websites or other interfaces. These ads often promote online scams, harmful software, and malware. Some intrusive ads are even capable of downloading and installing malicious software on a user's device when clicked.

It is worth noting that while legitimate products and services may be advertised through these ads, they are unlikely to be supported in this manner by their actual developers. In most cases, these ads are placed by scammers who abuse the content's affiliate programs to obtain illegitimate commissions for their endorsement.

While adware may not always display advertisements, as it depends on various factors such as browser/system compatibility, website visits, and other conditions, the presence of the MetAI assistant browser extension on a system poses a threat to the device and user safety.

In addition to displaying advertisements, the MetAI assistant could have data-tracking abilities that require permission to access Facebook data, including sensitive and personally identifiable information. However, the extension's data harvesting may not be limited to Facebook and can include browsing and search engine histories, bookmarks, login credentials, credit card numbers, and other personal information. This collected data could potentially be monetized by selling it to third parties or otherwise abused for profit, making it a serious threat to user privacy and security.

PUPs and Adware are Rarely Installed Intentionally

PUPs (Potentially Unwanted Programs) and adware are commonly distributed using various methods that rely on user interaction. These methods typically involve tricking users into downloading and installing these programs through social engineering techniques, such as misleading advertisements, fake software updates, and deceptive download managers. Often, these programs are bundled with legitimate software, and users unknowingly install them alongside the desired program. They may also be distributed via infected email attachments or malicious websites that claim to offer free software or other desirable content.

One common method used by distributors of PUPs and adware is malvertising, which involves placing malicious advertisements on legitimate websites. These ads can appear as pop-ups or banner ads and are designed to look like legitimate software updates or download links. When users click on these ads, they may unknowingly download and install PUPs or adware on their systems.

Another method is through social engineering techniques, such as misleading advertisements that offer fake discounts or prizes. When users click on these ads, they are redirected to websites that prompt them to download software or enter personal information. Often, these sites are designed to look like legitimate ones, and users may unwittingly download PUPs or adware in the process.