Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

March 23, 2023Rabbi Lakshmananbrowser security / artificial intelligence

Google stepped in to remove a fake Chrome browser extension that impersonates OpenAI’s ChatGPT service, collects Facebook session cookies, and hijacks accounts from its official web store.

The “ChatGPT For Google” extension, a trojanized version of a legitimate open source browser add-on, amassed over 9,000 installs since March 14, 2023 before being removed. Originally uploaded to the Chrome Web Store on February 14, 2023.

According to Guardio Labs researcher Nati Tal, the extension redirects unsuspecting users searching for “Chat GPT-4” to a deceptive landing page pointing to a fake addon. Propagated via engineered and malicious sponsored Google search results.

Installing the extension adds the promised functionality (i.e. powering your search engine with ChatGPT), but also secretly the ability to capture Facebook-related cookies and steal them to a remote server in an encrypted way. Enabled.

Once attackers have obtained a victim’s cookies, they can take control of Facebook accounts, change passwords, change profile names and photos, and even use them to spread extremist propaganda.

This development made it the second fake ChatGPT Chrome browser extension that was actually discovered. Another extension also acted as a Facebook account stealer and was distributed through sponsored posts on social media platforms.

If anything, the findings are yet another evidence that cybercriminals can quickly adapt their campaigns to leverage the popularity of ChatGPT to distribute malware and carry out opportunistic attacks.

“The potential for threat actors is endless. While using your profile as a bot for comments, likes, and other promotional activities, or using your reputation and identity to create pages and ad accounts, , advertising a service that is legitimate and probably not,” Tull said.