Security researchers warn of yet another security threat that uses public interest in ChatGPT to propagate. This time it’s disguised as a Chrome extension.
In a blog post, Guardio claimed that attackers forked a legitimate open-source “ChatGPT for Google” extension and added malicious code designed to steal Facebook session cookies.
Users were then directed to the extension by malicious sponsored search engine results.
“So you’re dying to try out a new algorithm, search for ‘Chat GPT 4’ and eventually click on a sponsored search result that promises it,” explains Guardio.
“This will redirect you to a landing page that offers ChatGPT within the search results page. Now all you have to do is install the extension from the official Chrome store. This will allow you to access ChatGPT from your search results. But Facebook accounts will soon be compromised as well.”
The malicious extension is particularly difficult to distinguish from the legitimate version it is based on, because the code differs in only one way.
“If you look at the ‘OnInstalled’ handler function that is triggered when the extension is installed, you can see that the real extension uses it to bring up the options screen (to log into your OpenAI account). You can see that they are doing it,” said Guardio.
“On the other hand, the forked and turned malicious code is exploiting this very moment to steal the session cookie.”
The stolen cookies are encrypted and exfiltrated, giving threat actors on-demand access to compromised accounts, whose login details are then changed to lock out legitimate users.
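A triage sketch for the single-difference problem described above, added here as an example and not taken from Guardio or from either extension: it compares a fork against its upstream and reports added permissions, added hosts and new `chrome.*` calls inside the `onInstalled` handler. The two extension objects are constructed stand-ins, and the `cookies` permission, the host patterns and the `chrome.cookies.getAll` reference in the sample are assumptions about how such a fork could look.

```javascript
// Constructed stand-ins for an upstream extension and a fork of it (not real extension code).
const upstream = {
  manifest: { permissions: ["storage"], host_permissions: ["https://*.openai.com/"] },
  background: `chrome.runtime.onInstalled.addListener(() => {
    chrome.runtime.openOptionsPage();
  });`,
};
const fork = {
  manifest: {
    permissions: ["storage", "cookies"],
    host_permissions: ["https://*.openai.com/", "https://*.facebook.com/"],
  },
  background: `chrome.runtime.onInstalled.addListener(() => {
    chrome.cookies.getAll({}, (cookies) => { /* body elided */ });
  });`,
};

// Return the argument text of chrome.runtime.onInstalled.addListener(...), or "" if absent.
// Plain parenthesis matching: good enough for triage, not a JavaScript parser.
function onInstalledHandler(src) {
  const marker = "chrome.runtime.onInstalled.addListener(";
  const start = src.indexOf(marker);
  if (start === -1) return "";
  let depth = 1, i = start + marker.length;
  for (; i < src.length && depth > 0; i++) {
    if (src[i] === "(") depth++;
    else if (src[i] === ")") depth--;
  }
  return src.slice(start + marker.length, depth === 0 ? i - 1 : i);
}

// chrome.<namespace>.<member> references found in a piece of code.
const apiRefs = (code) => new Set(code.match(/chrome\.\w+\.\w+/g) || []);
const added = (before, after) => [...after].filter((x) => !before.has(x));

// Report what the fork adds over upstream: permissions, hosts and install-time API calls.
function compareFork(base, candidate) {
  const baseApis = apiRefs(onInstalledHandler(base.background));
  const forkApis = apiRefs(onInstalledHandler(candidate.background));
  const report = {
    permissions: added(new Set(base.manifest.permissions), new Set(candidate.manifest.permissions)),
    hosts: added(new Set(base.manifest.host_permissions), new Set(candidate.manifest.host_permissions)),
    installApis: added(baseApis, forkApis),
  };
  // Flag the pattern the article describes: cookie access wired into the install handler.
  report.flagged = report.permissions.includes("cookies") &&
    report.installApis.some((a) => a.startsWith("chrome.cookies."));
  return report;
}
console.log(compareFork(upstream, fork));
```

Because the handler extraction only balances parentheses, minified or obfuscated background scripts need a real parser before the comparison is meaningful.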
Security vendors claim the malicious ChatGPT Chrome extension was downloaded more than 9,000 times before Google removed it.
This is the second ‘FakeGPT’ extension discovered by Guardio, the first being distributed through a sponsored Facebook post.