Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts


Google has taken action to eliminate a fraudulent Chrome browser extension from the legitimate Web Store. This extension misrepresented itself as OpenAI's ChatGPT service but was actually used to collect Facebook session cookies and take control of user accounts.

A malicious version of a lawful open source browser add-on called ChatGPT For Google was downloaded over 9000 times after it was uploaded to the Chrome Web Store on February 14, 2023. The extension was discovered to be a trojan and was eventually taken down in March of that same year.

Nati Tal, a researcher at Guardio Labs, stated that the malicious extension was spread via Google search results that were sponsored to deceive users searching for Chat GPT-4. These misleading results redirected users to fake pages promoting the fraudulent add-on.

By installing the extension, not only does it provide the promised feature of improving search engines with ChatGPT, but it also secretly enables the capability to acquire Facebook-related cookies and remove them in a coded format to a distant server.

After obtaining the victim's cookies, the attacker proceeds to take over their Facebook account by altering its password, changing the profile name and picture, and potentially distributing extremist propaganda.

The recent discovery marks the identification of the second fraudulent ChatGPT Chrome browser extension. The initial extension, which posed as a Facebook account thief, was circulated through sponsored content on the said social media platform.

The results indicate that cybercriminals can easily modify their schemes to take advantage of the ChatGPT's popularity, and utilize it as a means for distributing malware and launching sudden attacks. This serves as further evidence of their adaptability.

Tal stated that there are countless opportunities for individuals who pose a threat, such as using your profile to perform automated activities like commenting and liking or establishing pages and advertising accounts under your name while advertising primarily illegitimate services.

Post a Comment

Previous Post Next Post