Chrome Extension Impersonating ChatGPT Found to be Stealing Facebook Accounts

Written by Ari Denial, Cybersecurity & Tech Writer

A malicious Chrome extension named Chat-GPT has been found to extract sensitive information from Facebook accounts and create unauthorized admin accounts to spread malicious software, according to Nati Tal, a researcher at Guardio Labs.

Although the browser extension claims to provide access to the ChatGPT service, it is designed to secretly collect cookies and Facebook account information through an existing authenticated session. The extension is being advertised through Facebook-sponsored posts.

The malicious actors achieve this by utilizing two fake Facebook applications, “portal” and “msg_kig”, which serve as backdoors to gain complete control over the targeted profiles. The process of adding these applications to the victim’s Facebook accounts is automated.

Tal stated that the threat actor builds a group of powerful Facebook bots and a malevolent paid media network by taking control of prominent business accounts on the platform. Through this tactic, the threat actor is able to promote Facebook paid ads while exploiting its victims, which in turn spreads the malware in a self-perpetuating, worm-like fashion.

After hijacking the Facebook business accounts, the threat actors utilize them to advertise the malware, thereby propagating the scheme and expanding the network of compromised accounts.

The incident shows how threat actors are exploiting the popularity of OpenAI’s ChatGPT by creating fake versions of the chatbot. Unsuspecting users are being tricked into installing these fake versions.

In a separate incident last month, Cyble uncovered a social engineering campaign that utilized an unauthorized ChatGPT social media page. The page directed users to malicious domains where they unknowingly downloaded information stealers such as RedLine, Lumma, and Aurora.

In addition to the fake ChatGPT extension for Chrome, fraudulent ChatGPT applications have been observed distributing SpyNote malware to users’ devices via the Google Play Store and other third-party Android app stores.

Google removed the “Quick access to Chat GPT” extension from the Chrome Web Store after it was reported to have gained 2,000 daily installations. This was confirmed by Nati Tal, a researcher at Guardio Labs.
