- Fake “ChatGPT” Chrome Extension Hacks Facebook Accounts
- Cybercriminals are exploiting the popularity of ChatGPT to spread their attacks
- Phishing campaigns and malicious applications related to ChatGPT have also been discovered on the Google Play Store and other platforms.
Guardio Labs and Bitdefender warn of the spread of a malicious Chrome extension claiming to be related to ChatGPT. This extension hijacks Facebook accounts and creates malicious administrator accounts. Hackers are thus surfing on one of the many methods of choice for distributing malicious software: using a viral phenomenon to try to deceive Internet users.
According to Nati Tal, a researcher at Guardio Labs, hackers use these hacked Facebook accounts to create an army of bots and market the impression of malicious advertisements. They can thus serve paid advertisements on Facebook at the expense of their victims, in an autonomous and trojan-like way.
Review your Chrome extensions, especially those called “ChatGPT”
L’extension “Quick access to ChatGPT”said to have been installed 2,000 times a day since March 3, 2023. Following the report, it was fortunately removed from the Chrome Web Store on March 9, 2023. However, Google cannot disable the extension remotely if you already have it installed, and that’s why it’s highly recommended to review the extensions you have.
Especially since the extension in question continues to commit its misdeeds, and remains promoted by sponsored publications on Facebook. In detail, the extension actually offers the possibility of quickly connecting to ChatGPT, but in doing so it also collects cookies and connection data from Facebook accounts on your computer.
To do this, fake Facebook applications (portal and msg_kig) spoof certain pages related to login and thus maintain stealth access to take full control of the targets. Adding these apps to Facebook accounts is fully automated. The hijacked accounts are then used to promote the malware, thereby spreading the scheme and expanding the collection of compromised accounts.
The finding comes as many malicious actors take advantage of ChatGPT’s massive popularity since late 2021 to create fake versions of the chatbot and trick unwary users. Last month, Cyble revealed the existence of a social engineering campaign based on a compromised ChatGPT page on social networks.
This redirected users to malicious domains and made victims download personal data-collecting malware such as RedLine, Lumma and Aurora. Also beware of the Google Play Store and other third-party Android app stores: rogue ChatGPT apps have also been spotted there. The latter often distribute the SpyNote malware to victims’ devices.
The problem is unfortunately widespread and calls for caution. As Bitdefender also noted last week: “unfortunately, the success of ChatGPT is attracting the attention of malicious actors – who are using the technology to conduct highly sophisticated scams promising lucrative investments to unsuspecting internet users”.
