It has been discovered that a bogus Chrome extension, posing as ChatGPT’s, is equipped with the ability to hijack Facebook accounts and create unauthorized admin accounts. This serves as a reminder that cybercriminals continue to employ various methods to spread malware.
In a technical report, researcher Nati Tal from Guardio Labs revealed that a cyber criminal using a fake ChatGPT-branded Chrome browser extension is hijacking prominent Facebook business accounts to create a network of Facebook bots and a malicious paid media system. This enables the attacker to push Facebook paid advertisements at the cost of their targets in a self-replicating and worm-like fashion.
The “Quick access to Chat GPT” browser extension has been removed from the Chrome Web Store by Google as of March 9, 2023. The extension, which reportedly garnered 2,000 daily installations since March 3, 2023, was found to have malicious capabilities.
The ChatGPT browser extension is marketed through sponsored Facebook posts, but its true purpose is to clandestinely gather cookies and Facebook account information by exploiting an existing authenticated session.
Two fake Facebook applications named “portal” and “msg_kig” are utilized by cyber criminals to gain backdoor entry and acquire complete control of targeted profiles. The installation of these apps on Facebook accounts is completely automated, allowing them to surreptitiously maintain backdoor access and obtain full control of the accounts.
The malware utilizes the compromised Facebook business accounts to advertise itself, which leads to the expansion of its army of Facebook bots.
The rise of fake ChatGPT versions has given an opportunity for threat actors to exploit unsuspecting users into installing them. Since its launch last year, OpenAI’s ChatGPT has gained immense popularity, and cybercriminals have been creating fake versions of the AI chatbot to target users.
Recently, a social engineering campaign was uncovered by Cyble, which utilized an unofficial ChatGPT social media page to lure unsuspecting users to malicious websites that distribute information stealers like RedLine, Lumma, and Aurora.
Bitdefender recently revealed that the success of OpenAI’s ChatGPT has attracted the attention of fraudsters who utilize the technology to carry out sophisticated investment scams. Additionally, fake ChatGPT apps have been found in the Google Play Store and other third-party Android app stores, which distribute SpyNote malware to users’ devices.
As a note of caution, don’t download any web extensions or any unusual plug-ins. I know it may sound enticing to have ChatGPT in your browser, but please do careful research before downloading anything from the internet.
