Fake Chrome extension ChatGPT steals Facebook login information
Fake ChatGPT extension is targeting Facebook users
Facebook and Chrome users are being targeted by a malicious browser extension that uses the name of the popular AI chatbot ChatGPT.
On March 8, 2023, Guardio Labs researcher Nati Tal stated in a Medium blog post that "A Chrome extension that supports quick access to fake ChatGPT functionality has been found to be is hijacking Facebook accounts and installing hidden account backdoors".
In the Medium blog post, Tal also notes the use of "a Facebook app 'backdoor' that silently grants threat actors super-admin rights". The extension may also collect the victim's browser cookies.
Guardian took to Twitter to warn readers about the malicious campaign.
The fake browser extension, named 'Quick access to Chat GPT', can attack high profile Facebook accounts to create "hacked Facebook bot accounts". The threat actor then "publishes more sponsored posts and other social activities using the victim's profile and spends the credits in the business account".
The blog post also speculates that, once an attacker has access to your data, they "will probably sell it to the highest bidder as usual".
Thousands of Facebook accounts may have been compromised
In this malware campaign, thousands of Facebook accounts may have been successfully hijacked. In the aforementioned blog post, it is stated that "more than 2000 users install this extension daily since it first appeared on 03/03/2023."
On top of that, each individual installing the add-on "has his Facebook account stolen and this is probably not the only damage", many other consequences can arise from the presence of the open add-on wide.
Malicious Apps Removed from Chrome
Although thousands of people have downloaded this fake browser extension, it has now been taken down from the Google Chrome Store, preventing further attacks via Chrome-based downloads. It is not known exactly how many people have been affected by this campaign, but the number of installations is not small.
The name ChatGPT is often used by scammers
Since ChatGPT became famous, its name has been repeatedly used by cybercriminals to gain the trust of potential victims. Whether it's a fake ChatGPT-related token or a malicious extension claiming to be ChatGPT, the popularity of this AI chatbot is definitely being used by malicious actors to steal data and money.
You should read it
- 9 useful Chrome extensions for ChatGPT
- Users should remove ChatGPT fake applications immediately if they do not want to 'lose money'
- Can cybercriminals use ChatGPT to hack your bank or PC?
- Cybercriminals spread fake ChatGPT apps to spread malware
- Why are hackers targeting ChatGPT accounts?
- 9 ChatGPT and Generative AI API alternatives for developers
- Is ChatGPT accessible with a VPN?
- 4 ways to use ChatGPT to manage time
- Why were new ChatGPT registrations stopped? When will it reopen?
- 9 practical applications of ChatGPT in programming
- How to use ChatGPT API
- What is ChatGPT Code Interpreter? Why is it so important?
Maybe you are interested
Why is there no professional mode on Facebook?
How to retrieve Facebook password, recover latest account
How to contact Facebook account support
Instructions to turn off Facebook Story comments
7 things you should not share on social network Facebook
Instructions to hide likes on Facebook on phone and computer