Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI’s ChatGPT service to harvest Facebook session cookies and hijack the accounts.
The “ChatGPT For Google” extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal. It was originally uploaded to the Chrome Web Store on February 14, 2023.
According to Guardio Labs researcher Nati Tal, the extension is propagated through malicious sponsored Google search results that are designed to redirect unsuspecting users searching for “Chat GPT-4” to fraudulent landing pages that point to the fake add-on.
Installing the extension adds the promised functionality – i.e., enhancing search engines with ChatGPT – but it also stealthily activates the ability to capture Facebook-related cookies and exfiltrate them to a remote server in an encrypted manner.
Once in possession of the victim’s cookies, the threat actor moves to seize control of the Facebook account, change the password, alter the profile name and picture, and even use it to disseminate extremist propaganda.
The development makes it the second fake ChatGPT Chrome browser extension to be discovered in the wild. The other extension, which also functioned as a Facebook account stealer, was distributed via sponsored posts on the social media platform.
If anything, the findings are yet another proof that cybercriminals are capable of swiftly adapting their campaigns to cash in on the popularity of ChatGPT to distribute malware and stage opportunistic attacks.
“For threat actors, the possibilities are endless — using your profile as a bot for comments, likes, and other promotional activities, or creating pages and advertisement accounts using your reputation and identity while promoting services that are both legitimate and probably mostly not,” Tal said.