After capturing Facebook session cookies and taking control of accounts, a fake Chrome browser extension that was released under the pretext of OpenAI's ChatGPT service was taken down from Google's official Web Store. Before it was removed, the spyware, named "ChatGPT For Google," had been installed more than 9,000 times. The malicious extension, a trojanized variation of an open-source browser add-on, gave the impression that it would improve search engines with ChatGPT while secretly stealing and sending Facebook-related cookies to a remote server. This allowed attackers to hijack the Facebook account, change the profile name and image, and spread propaganda.
Users looking for "Chat GPT-4" were redirected to fake landing pages where the malicious extension was made available for download. The fake extension was distributed using malicious sponsored Google search results. This is the second time a fake ChatGPT Chrome browser plugin has been discovered in the market; a previous instance involved paid Facebook posts.
The discovery of the malicious extension serves as a reminder that hackers can easily modify their campaigns in order to take advantage of ChatGPT's popularity and spread malware, frequently through opportunistic attacks. The capability of the extension to access Facebook accounts and steal private information emphasizes the significance of exercising caution when downloading extensions and upgrading software frequently to keep computers secure.
Source: https://thehackernews.com/2023/03/fake-chatgpt-chrome-browser-extension.html
MORE CATEGORIES
Events (0)
General (3)
Jobs & Career (0)
Must Read (0)
Security (1)
Tech (4)