Fake OpenAI Chrome extension caught stealing Facebook account


A fake Chrome browser extension that used OpenAI’s ChatGPT service to steal Facebook session cookies and take over user accounts has been removed by Google.

Cybercriminals propagate malware in many ways, and this is one of the methods that can be used to take over Facebook accounts and create rogue admin accounts. Several properties of this fake ChatGPT-branded Chrome browser extension have been identified.

The browser add-on is promoted through sponsored posts on Facebook. While it does offer a connection to the ChatGPT service, it is also engineered to secretly gather cookies and Facebook account data using an existing live, authenticated session.

Malicious sponsored posts on Facebook leading to the malicious “FakeGPT” extension (Image source: guard.io)
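A defender-side check related to the cookie collection described above, as an added example that is not from the original article or the researchers' report: it audits Chrome extension manifests for the `cookies` permission combined with host access to facebook.com. It assumes the extension reads cookies through Chrome's cookies API, which the article does not state; the function names, the `WATCHED` constant and the sample manifests are constructed for illustration.

```python
import json
from pathlib import Path

WATCHED = "facebook.com"  # assumption: the domain whose session cookies matter
KEYS = ("permissions", "optional_permissions",
        "host_permissions", "optional_host_permissions")

def host_access_covers(pattern: str, domain: str = WATCHED) -> bool:
    """True if a manifest match pattern grants access to domain or a subdomain."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:  # an API permission name, not a host pattern
        return False
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    if host == "*":
        return True
    wildcard = host.startswith("*.")
    host = host[2:] if wildcard else host
    return (host == domain or host.endswith("." + domain)
            or (wildcard and domain.endswith("." + host)))

def audit_manifest(manifest: dict) -> dict:
    """Flag a manifest that pairs the cookies API with host access to WATCHED."""
    entries = [e for k in KEYS for e in manifest.get(k, []) if isinstance(e, str)]
    hosts = sorted({e for e in entries if host_access_covers(e)})
    return {"name": manifest.get("name", "?"), "hosts": hosts,
            "flag": "cookies" in entries and bool(hosts)}

def audit_extensions_dir(ext_dir: Path) -> list:
    """Audit <id>/<version>/manifest.json files under a profile's Extensions dir."""
    flagged = []
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        report = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        if report["flag"]:
            flagged.append({"id": path.parts[-3], **report})
    return flagged

# Constructed sample manifests (not taken from any real extension).
SAMPLES = [
    {"name": "sample-a", "permissions": ["cookies", "storage"],
     "host_permissions": ["https://*.facebook.com/*"]},
    {"name": "sample-b", "permissions": ["storage"], "host_permissions": ["<all_urls>"]},
    {"name": "sample-c", "manifest_version": 2, "permissions": ["cookies", "*://*/*"]},
    {"name": "sample-d", "permissions": ["cookies"],
     "host_permissions": ["https://example.org/*"]},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["name"], audit_manifest(m))
```

A flagged manifest only shows that the extension is able to read those cookies; many legitimate extensions request the same permissions, so treat the output as a review list rather than a verdict.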

Backdoor access is maintained and total control of the target profiles is achieved by using the phoney Facebook applications site and msg kig.

The news comes as threat actors capitalize on the tremendous popularity that OpenAI’s ChatGPT has enjoyed since its release late last year, constructing phoney versions of the artificial intelligence chatbot and fooling unwary users into installing them.


After the attacker has the victim’s cookies, they try to access the victim’s Facebook account, change the password, alter the profile photo and name, and even use it to disseminate extremist content.

From malvertising, extension installation, hijacking Facebook accounts, and back again to propagation (Image source: guard.io)

The development makes this the second fake ChatGPT Chrome browser extension to be discovered in the wild. The other extension, which also functioned as a Facebook account stealer, was likewise distributed through sponsored posts on the social media site.


Last month, Cyble exposed a social engineering campaign that used an unofficial ChatGPT social media website to send visitors to malicious domains that download information stealers such as RedLine, Lumma, and Aurora.

SpyNote malware has also been observed being spread onto people’s devices using fraudulent ChatGPT apps that are offered through the Google Play Store and other third-party Android app stores.


Author: Sayali Wable
