Threat actors have recognized the popularity of ChatGPT and saw it as an opportunity to execute hacks. In this particular instance, a fake ChatGPT Chrome browser extension can hijack Facebook accounts by collecting session cookies.
Fake ChatGPT Security Risk
The good news is, Google has already resolved the issue and removed the mentioned browser extension from the official Web store. The extension posed as OpenAI's famous chatbot which was uploaded on February 14th, 2023.
Since March 14th, 2023, the malicious extension has gotten over 9,000 installs before it was removed. The extension really does work by enhancing the search engine, according to The Hacker News, but it also does its main purpose under the radar.
The extension acting as a trojan would harvest Facebook-related cookies and send them to a remote server. Once the threat actor acquires the needed data, they can take over the Facebook account and change its passwords, name, profile photo, and more.
Researcher Nati Tal from Guardio Labs said that the extension was spread through malicious sponsored Google search results, which would lead its victims to a false website that has the fake browser extension ready for installation.
He added that threat actors can do many things with hijacked accounts. They can use the stolen profiles for comments, likes, and promotional activities, as well as create pages and advertisement accounts using the victim's identity or reputation.
This isn't the first time a threat actor used ChatGPT as a disguise to spread malware. Fake ChatGPT apps and links have been used to spread malware for Android and Windows devices in late February.
Read Also: OpenAI To Fix ChatGPT Bug Exposing Chat Histories
Other Instances
Hackers are aware that people will look for free versions of the ChatGPT premium version and use this opportunity to spread malware that will benefit them. While there are no "hacks" to access the paid version for free, others have still fallen for the trick.
With the promise of uninterrupted and free access, users would install the malware into their systems, wherein it will ask them to provide account credentials for the hacker to exploit, as mentioned in Bleeping Computer.
The domain appeared as "chat-gpt-pc.online." Once opened, the user will be infected with Redline, malware that can steal information from a user's computer. According to security researcher Dominic Alvieri, it looks like a download button for ChatGPT for Windows.
Others threat actors have resorted to fake Facebook pages that claim to be the official ChatGPT page. It would even keep up the ruse by posting content that appears like announcements or news from OpenAI.
One of its posts contains a link that claims to be free ChatGPT for PC. OpenAI has not released ChatGPT for PC, and the particular link on the post of the fake ChatGPT page will lead users to a phishing page instead.
According to reports, there are over 50 malicious apps that affiliate themselves with ChatGPT to convince unsuspecting users to download the apps. Some are even promoted on the Google Play Store and other Android app stores.
Related: Fake ChatGPT Apps and Links Are Used to Spread Malware on Windows, Android
