Google has stepped in to remove from its official web store a fake Chrome browser extension that impersonates OpenAI’s ChatGPT service, collects Facebook session cookies, and hijacks accounts.
The “ChatGPT For Google” extension, a trojanized version of a genuine open source browser add-on, amassed over 9,000 installs since March 14, 2023, before being removed. It was originally uploaded to the Chrome Web Store on February 14, 2023.
According to Guardio Labs researcher Nati Tal, the malicious extension was propagated through sponsored Google search results designed to redirect unsuspecting users searching for “Chat GPT-4” to a deceptive landing page pointing to the fake add-on.
Installing the extension adds the promised functionality (i.e., powering your search engine with ChatGPT), but it also secretly enables the ability to capture Facebook-related cookies and exfiltrate them to a remote server in an encrypted form.
Once attackers have obtained a victim’s cookies, they can take control of Facebook accounts, change passwords, change profile names and photos, and even use them to spread extremist propaganda.
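For defenders, the capability described above is visible in an extension's manifest: the chrome.cookies API only works when the manifest declares the "cookies" permission together with host access covering the site. The following audit sketch is an added example, not code from Guardio or from the extension; the function names and the sample manifests are constructed for illustration.

```python
import json
import re

def host_covers(pattern, domain):
    """True if a Chrome match pattern grants access to `domain` or a subdomain."""
    if pattern == "<all_urls>":
        return True
    m = re.match(r"^(\*|https?)://([^/]+)/", pattern)
    if not m:
        return False
    host = m.group(2)
    if host.startswith("*."):
        host = host[2:]
    return host == "*" or host == domain or host.endswith("." + domain)

def audit_manifest(manifest, domain="facebook.com"):
    """Report whether an extension manifest can read cookies for `domain`."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V2 mixes API names and host patterns in "permissions";
    # Manifest V3 moves host patterns to "host_permissions".
    hosts = [p for p in perms if "://" in p or p == "<all_urls>"]
    hosts += manifest.get("host_permissions", [])
    hosts += manifest.get("optional_host_permissions", [])
    matched = sorted({h for h in hosts if host_covers(h, domain)})
    has_cookies = "cookies" in perms
    return {"name": manifest.get("name", "?"), "cookies_api": has_cookies,
            "hosts": matched, "flag": has_cookies and bool(matched)}

# Constructed sample manifests (not taken from any real extension).
SAMPLES = [json.loads(s) for s in (
    '{"name": "sample-a", "manifest_version": 3, "permissions": ["cookies", "storage"],'
    ' "host_permissions": ["https://*.facebook.com/*", "https://www.google.com/*"]}',
    '{"name": "sample-b", "manifest_version": 3, "permissions": ["storage"],'
    ' "host_permissions": ["https://www.google.com/*"]}',
    '{"name": "sample-c", "manifest_version": 2, "permissions": ["cookies", "<all_urls>"]}',
    '{"name": "sample-d", "manifest_version": 3, "permissions": ["cookies"],'
    ' "host_permissions": ["https://notfacebook.com/*"]}',
)]

def flagged(manifests):
    """Names of manifests that combine the cookies API with access to the domain."""
    return [r["name"] for r in map(audit_manifest, manifests) if r["flag"]]

if __name__ == "__main__":
    for m in SAMPLES:
        print(audit_manifest(m))
```

A flag here indicates capability, not malice: it marks extensions worth reviewing when their stated purpose (for example, enhancing search results) gives no reason to touch Facebook cookies.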
This development makes it the second fake ChatGPT Chrome browser extension to be discovered. The other extension also acted as a Facebook account stealer and was distributed through sponsored posts on social media platforms.
If anything, the findings are yet more evidence that cybercriminals can quickly adapt their campaigns to leverage the popularity of ChatGPT to distribute malware and carry out opportunistic attacks.
“The potential for threat actors is endless. While using your profile as a bot for comments, likes, and other promotional activities, or using your reputation and identity to create pages and ad accounts, advertising a service that is legitimate and probably not,” Tal said.