Fake ChatGPT Chrome Extension Hijacks Facebook Accounts

Fake ChatGPT Chrome Extension Hijacks Facebook Accounts

Published on: March 28, 2023
Last Updated: March 28, 2023

Fake ChatGPT Chrome Extension Hijacks Facebook Accounts

Published on: March 28, 2023
Last Updated: March 28, 2023

Riding the wave of ChatGPT’s evergrowing popularity, hackers are now using a malicious variant of an alleged ChatGPT extension for Google Chrome to steal Facebook accounts.

It was available for users to download and unsuspectingly have their personal data stolen, but it was finally removed after the report from Guardio Labs came out yesterday.

Discovered on the Chrome Web Store under the guise of “Chat GPT for Google”, the browser extension has already garnered more than 9000 downloads.

The report highlighted the extension was an update to an earlier known virus-ridden ChatGPT extension called FakeGPT, and the hackers “didn’t have to work hard on the look and feel of this malicious ChatGPT-themed extension.”

The trojanized extension is based on the same open-source project utilized by the official ChatGPT for Google extension, and all the scammers needed to do was add a few lines of code to steal cookies.

According to the researchers, the attackers use malicious sponsored Google Search results for “Chat GPT 4” to promote the fake add-on and target users looking for the latest version of the popular AI chatbot.

Moreover, since the fraudulent Chrome extension was listed on the official Chrome Web Store, users may have mistakenly assumed that it was the real deal, making it even more potent.

Within hours of the report from Guadio Labs, the agency claimed that “the extension is now removed from the Chrome store,” but not before it was downloaded thousands of times by unsuspecting users.

According to Bleeping Computer, the hackers published the extension on the Chrome Web Store on February 14, but the Google Search advertisements promoted by the threat actors began a month later.

Explaining the process of how these malicious extensions infiltrate the user’s Facebook accounts, as the “malicious code uses the OnInstalled handler function to steal Facebook session cookies.”

These stolen cookies allow the hackers to access the user’s Facebook profile, along with additional business features associated with the account.

Nati Tal, head of Guardio Labs, also stated that “misuse of ChatGPT’s brand and popularity just keeps on rising, used not only for Facebook account harvesting and not only with malicious fake Extensions for Chrome.”

Stay on top of the latest technology trends — delivered directly to your inbox, free!

Subscription Form Posts

Don't worry, we don't spam

Written by Husain Parvez

Husain has been around the internet ever since the dial-up days and loves writing about everything across the technosphere. He loves reviewing tech, writing about VPNs, and covering Cybersecurity news.