Pretend ChatGPT Chrome browser extension caught hijacking Fb accounts

March 23, 2023Ravie Lakshmanan Browser Safety / Synthetic Intelligence

Google intervened to take away from the official net retailer a pretend Chrome browser extension posing as OpenAI’s ChatGPT service to gather Fb session cookies and hijack the accounts.

The “ChatGPT For Google” extension, a trojanized model of a authentic open-source browser add-on, attracted over 9,000 installs since March 14, 2023 earlier than it was eliminated. It was initially uploaded to the Chrome Net Retailer on February 14, 2023.

Based on Guardio Labs researcher Nati Tal, the extension was distributed by way of maliciously sponsored Google search outcomes designed to redirect unsuspecting customers trying to find “Chat GPT-4” to misleading touchdown pages that hyperlink to the pretend add-on.

Putting in the extension provides the promised performance – i.e. bettering search engines like google with ChatGPT – but it surely additionally secretly allows the flexibility to gather Fb-related cookies and exfiltrate them encrypted to a distant server.

As soon as in possession of the sufferer’s cookies, the attacker makes an attempt to take management of the Fb account, change the password, change the profile identify and film, and even use it to unfold extremist propaganda.

The event makes it the second pretend ChatGPT Chrome browser extension to be detected within the wild. The opposite extension, which additionally acted as a Fb account stealer, was distributed by way of sponsored posts on the social media platform.


Uncover the hidden risks of third-party SaaS apps

Are you conscious of the dangers related to third-party app entry to your group’s SaaS apps? Be a part of our webinar to study concerning the sorts of permissions which are granted and the way to mitigate threat.


If something, the outcomes are additional proof that cybercriminals are in a position to rapidly adapt their campaigns to capitalize on ChatGPT’s recognition, distribute malware, and stage opportunistic assaults.

“For menace actors, the chances are countless – you should use your profile as a bot for feedback, likes, and different promotional actions, or create pages and advert accounts that use your repute and identification whereas selling companies which are each authentic and most definitely not .” Tal stated.

Did you discover this text fascinating? observe us on Twitter and LinkedIn to learn extra unique content material we publish.