Fake ChatGPT Browser Extension Steals Data of FB Users: Report
A fake ChatGPT-branded Chrome browser extension was discovered to have the ability to hijack Facebook accounts and create rogue admin accounts, as per a report. It shows one of the tactics cybercriminals use to propagate malware. The “Quick access to Chat GPT” extension, which reportedly drew 2,000 daily installations as of March 3, 2023, has been removed from the Chrome Web Store by Google as of March 9, 2023. The extension enabled the hackers to promote paid Facebook advertisements at the expense of its victims in a worm-like fashion.
In a technical paper, researcher Nati Tal of Guardio Labs said, “By hijacking prominent Facebook business accounts, the threat actor establishes an elite army of Facebook bots and harmful paid media machinery.”
The browser add-on was marketed via sponsored posts on Facebook, and while it gave the option to connect to the ChatGPT service, it was also designed to stealthily gather cookies and Facebook account information using an active, authenticated session.
This was accomplished by utilizing two fake Facebook applications, portal and msg_kig, to maintain backdoor access and gain complete control over the target profiles. Adding applications to Facebook accounts is a fully automated process.
The infected Facebook business profiles are then used to promote the malware, further propagating the scheme and extending the number of compromised accounts.
Since ChatGPT's introduction late last year, threat actors have capitalized on the immense popularity of OpenAI’s artificial intelligence chatbot by creating fake versions of it and tricking unsuspecting users into installing them.
Last month, Cyble disclosed a social engineering campaign that utilized an unofficial ChatGPT social media website to send visitors to malicious domains that download information stealers such as RedLine, Lumma, and Aurora.