Fake OpenAI Chrome extension caught stealing Facebook accounts
A fake Chrome browser extension that used OpenAI’s ChatGPT service to steal Facebook session cookies and take over user accounts has been removed by Google.
Facebook accounts can be taken over and rogue admin accounts created through one of the many methods cybercriminals use to propagate malware. Several such properties were found in this fake ChatGPT-branded Chrome browser extension.
The browser add-on is marketed through Facebook-sponsored posts, and while it gives the option to connect to the ChatGPT service, it’s also engineered to secretly gather cookies and Facebook account data using an existing live, authenticated session.
Backdoor access is maintained and total control of the target profiles is achieved by using the phoney Facebook applications site and msg kig.
The news comes as threat actors exploit the tremendous popularity of OpenAI’s ChatGPT since its release late last year to construct phoney versions of the artificial intelligence chatbot and fool unwary users into installing them.
After the attacker has the victim’s cookies, they try to access the victim’s Facebook account, change the password, alter the profile photo and name, and even use it to disseminate extremist content.
This makes it the second fake ChatGPT Chrome browser plugin to be discovered in the wild. The other extension, which also functioned as a Facebook account stealer, was disseminated through sponsored posts on the social media site.
Last month, Cyble exposed a social engineering campaign that used an unofficial ChatGPT social media website to send visitors to malicious domains that download information stealers such as RedLine, Lumma, and Aurora.
SpyNote malware has also been observed being spread onto people’s devices using fraudulent ChatGPT apps that are offered through the Google Play Store and other third-party Android app stores.
Author: Sayali Wable