Chrome Extension Steals Logins

Facebook users are currently being targeted by a deceptive browser extension that goes by the name of ChatGPT. This malicious extension specifically aims at users of Facebook and Chrome, leveraging the well-known reputation of the AI-powered chatbot.

On March 8, 2023, Nati Tal, a researcher from Guardio Labs, published a blog post on Medium, revealing the discovery of a Chrome Extension that claims to provide convenient access to ChatGPT but instead compromises Facebook accounts and installs hidden backdoors within them.

Tal highlighted in the blog post the presence of a malevolent Facebook app, acting as a "backdoor" mechanism that grants the threat actors super-admin permissions. Moreover, the extension is capable of extracting browser cookies from unsuspecting victims.

To spread awareness about this malicious campaign, Guardio issued warnings through its Twitter account.

The fraudulent browser extension, named "Quick access to Chat GPT," can hijack prominent Facebook accounts, resulting in the creation of "hijacked Facebook bot accounts." The threat actor behind this scheme exploits the compromised profiles to publish sponsored posts and engage in various social activities, even utilizing the victims' business account credits.

The blog post also speculated that once the attacker gains access to the stolen data, they will likely sell it to the highest bidder, following the typical pattern observed in such cases.

Potentially Thousands of Facebook Accounts Compromised

This malicious campaign has likely successfully hijacked thousands of Facebook accounts. According to the aforementioned blog post, the extension had been installed by over 2,000 users on a daily basis since its initial appearance on March 3, 2023.

Furthermore, Tal warned that each individual who installed the add-on had their Facebook account compromised, emphasizing that this might not be the only harm caused by the presence of the extension.

Malicious App Removed from Chrome Web Store

Although numerous users downloaded this fraudulent browser extension, it has been removed from the Google Chrome Store. This action prevents further attacks through Chrome-based downloads. The full extent of the campaign's impact is yet to be determined, but the number of installations raises significant concerns.

Exploiting the Name of ChatGPT

Scammers consistently exploit the popularity of ChatGPT by employing its name in their malicious activities. Whether it involves deceptive ChatGPT-related tokens or malicious extensions branded as Chat GPT, cybercriminals take advantage of the trust associated with this AI-powered chatbot to deceive individuals and unlawfully acquire their data and funds.