Google Removes Fake ChatGPT Chrome Browser Extension that Hijacked Facebook Accounts

Cyberattacks such as this emphasize the importance of strong cybersecurity practices, such as regularly updating software and keeping antivirus software up-to-date, to ensure the security of personal and sensitive data.

Google has recently removed a bogus Chrome browser extension from the official Web Store that was masquerading as OpenAI’s ChatGPT service. The fake extension was designed to harvest Facebook session cookies and take over user accounts.

The “ChatGPT For Google” extension was a trojanized version of a legitimate open-source browser add-on that was uploaded to the Chrome Web Store on February 14, 2023. Prior to its removal, the fake extension had already attracted over 9,000 installations since March 14, 2023.

The extension was propagated through malicious sponsored Google search results that redirected unsuspecting users searching for “Chat GPT-4” to fraudulent landing pages that pointed to the fake add-on. Once installed, the extension added the promised functionality of enhancing search engines with ChatGPT. However, it also stealthily activated the ability to capture Facebook-related cookies and exfiltrate them to a remote server in an encrypted manner.

Once the attackers gained possession of the victim’s cookies, they moved to seize control of the Facebook account. They changed the password, altered the profile name and picture, and used it to disseminate extremist propaganda. This development makes it the second fake ChatGPT Chrome browser extension to be discovered in the wild. The other extension, which also functioned as a Facebook account stealer, was distributed via sponsored posts on the social media platform.

The findings are proof that cybercriminals are capable of swiftly adapting their campaigns to take advantage of the popularity of ChatGPT, both to distribute malware and to stage opportunistic attacks. Threat actors can use the victim’s profile as a bot for comments, likes, and other promotional activities, or create pages and advertisement accounts that trade on the victim’s reputation and identity while promoting services, some of them legitimate and most of them not.

It is essential to exercise caution while browsing the internet and be wary of downloading and installing browser extensions from third-party sources. Users should always ensure that they are downloading legitimate extensions from official sources and that the extension’s permissions are in line with its intended purpose.
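One way to check that an extension's permissions match its purpose is to read its `manifest.json` before trusting it. The script below is an added example, not code from the article or from the extension it describes: it flags a manifest that requests the `cookies` API permission together with host access covering facebook.com. The sample manifests are constructed, and the assumption that cookie access appears as this permission pairing is ours, since the article does not list the permissions the fake extension requested.

```python
import json

API_KEYS = ("permissions", "optional_permissions")
HOST_KEYS = API_KEYS + ("host_permissions", "optional_host_permissions")

def _entries(manifest, keys):
    # Manifest V2 mixes API names and host patterns in "permissions";
    # Manifest V3 moves host patterns to "host_permissions".
    return [p for k in keys for p in manifest.get(k, []) if isinstance(p, str)]

def _is_host_pattern(entry):
    return entry == "<all_urls>" or "://" in entry

def covers_domain(pattern, domain):
    """True if a Chrome match pattern grants access to `domain` or a subdomain."""
    if pattern == "<all_urls>":
        return True
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host == "*":
        return True
    wildcard = host.startswith("*.")
    base = host[2:] if wildcard else host
    if base == domain or base.endswith("." + domain):
        return True
    # Wildcard on a parent domain, e.g. *.com, also covers the target.
    return wildcard and domain.endswith("." + base)

def audit(manifest_text, domain="facebook.com"):
    """Return the host patterns that, combined with `cookies`, expose `domain`."""
    manifest = json.loads(manifest_text)
    apis = {p for p in _entries(manifest, API_KEYS) if not _is_host_pattern(p)}
    if "cookies" not in apis:
        return []
    hosts = [p for p in _entries(manifest, HOST_KEYS) if _is_host_pattern(p)]
    return [p for p in hosts if covers_domain(p, domain)]

# Constructed sample manifests (hypothetical, not taken from any real extension).
BROAD_V3 = json.dumps({"manifest_version": 3, "name": "search helper (constructed)",
                       "permissions": ["storage", "cookies"],
                       "host_permissions": ["https://www.google.com/*", "<all_urls>"]})
TARGETED_V2 = json.dumps({"manifest_version": 2, "name": "search helper (constructed)",
                          "permissions": ["cookies", "https://*.facebook.com/*",
                                          "https://www.bing.com/*"]})
SCOPED_V3 = json.dumps({"manifest_version": 3, "name": "search helper (constructed)",
                        "permissions": ["storage", "cookies"],
                        "host_permissions": ["https://www.google.com/*"]})

if __name__ == "__main__":
    for name, text in (("broad", BROAD_V3), ("targeted", TARGETED_V2), ("scoped", SCOPED_V3)):
        print(name, audit(text) or "no facebook.com cookie exposure")
```

A search-enhancement add-on has no functional need for either finding, so a non-empty result is a reason to reject the extension or review its code before installing.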
