Chrome Extension Impersonating ChatGPT Found to be Stealing Facebook Accounts

A harmful Chrome extension named Chat-GPT has been found to extract sensitive information from Facebook accounts and generate unauthorized admin accounts to spread malicious software, as per Nati Tal, a researcher at Guardio Labs.

Although the browser extension claims to provide access to the ChatGPT service, it is designed to secretly collect cookies and Facebook account information through an existing authenticated session. The extension is being advertised through Facebook-sponsored posts.

The malicious actors achieve this by utilizing two fake Facebook applications, „portal“ and „msg_kig“, which serve as backdoors to gain complete control over the targeted profiles. The process of adding these applications to the victim’s Facebook accounts is automated.

Tal stated that, the threat actor builds a group of powerful Facebook bots and a malevolent paid media network by taking control of prominent business accounts on the platform. Through this tactic, the threat actor is able to promote Facebook paid ads while exploiting its victims, which in turn spreads the malware in a self-perpetuating, worm-like fashion.

After hijacking the Facebook business accounts, the threat actors utilize them to advertise the malware, thereby propagating the scheme and expanding the network of compromised accounts.

The incident shows how threat actors are exploiting the popularity of OpenAI’s ChatGPT by creating fake versions of the chatbot. Unsuspecting users are being tricked into installing these fake versions.

In a separate incident last month, Cyble uncovered a social engineering campaign that utilized an unauthorized ChatGPT social media page. The page directed users to malicious domains where they unknowingly downloaded information stealers such as RedLine, Lumma, and Aurora.

In addition to the fake ChatGPT extension for Chrome, fraudulent ChatGPT applications have been observed distributing SpyNote malware to users’ devices via the Google Play Store and other third-party Android app stores.

Google removed the „Quick access to Chat GPT“ extension from the Chrome Web Store after it was reported to have gained 2,000 daily installations. This was confirmed by Nati Tal, a researcher at Guardio Labs.