Posted on March 15, 2023 at 8:36 PM
Malicious ChatGPT Chrome extension hijacks Facebook accounts for advertising
The popularity of ChatGPT has increased since the chatbot was released by OpenAI in November last year. However, the popularity of this tool has also attracted much interest from hackers who have been taking advantage of the growing usage of this chatbot to launch malicious attacks.
Fake ChatGPT Chrome extension used for malicious advertisements
Researchers have detected a fake ChatGPT Chrome browser extension that can hijack Facebook accounts. The browser extension also creates malicious admin accounts. The discovery of this malicious activity has raised concerns over the new methods threat actors use to gain unauthorized access to user accounts.
Nati Tal, a researcher at Guardio Labs, published a technical report about hackers manipulating the ChatGPT chatbot’s popularity to target Chrome users. These hackers were using the fake extension of this chatbot to target top accounts on Facebook.
“By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus,” Tal said. “This allows it to push Facebook paid ads at the expense of its victims in a self-propagating worm-like manner.”
The fake ChatGPT extension for Chrome is called “Quick access to Chat GPT.” It gained popularity quickly and is believed to have attracted 2000 daily installations since March 3, 2023. Google has since taken the extension down; it was removed from the Chrome Web Store on March 9, 2023.
This Chrome extension might have gained popularity because of how hackers market it. The browser extension is being marketed using sponsored posts on Facebook. The browser add-on makes it possible for a user to connect their browser to the ChatGPT chatbot.
Nevertheless, while this extension connects users to the ChatGPT services, it has also been created for the malicious purpose of harvesting cookies and data from Facebook accounts. It harvests this information using an authenticated session that is already active.
“Although the extension gives you that (by simply connecting to the official ChatGPT’s API), it also harvests every information it can take from your browser, steals cookies of unauthorized active sessions to any service you have, and also employs tailored tactics to take over your Facebook account,” the researcher said.
The threat actors take control of Facebook accounts by using two fake Facebook applications, portal and msg_kig, which are used to sustain backdoor access. These applications also give the attacker complete control of the targeted individuals' accounts.
The hackers have also automated the process of adding applications to Facebook accounts. After the hacker takes control of a Facebook account, they use it for advertising malware. This propagates the scheme further and increases the likelihood of more people falling victim. It also lets the hackers expand the number of compromised accounts they control.
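A defender's check for the cookie-harvesting behaviour described above, as an added example that is not from Guardio's report or from this article: it flags extension manifests that pair the `cookies` permission with access to all sites or to facebook.com, or that carry the extension name reported here. The sample manifests and the finding labels are constructed for illustration.

```python
# Host patterns that grant an extension access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
REPORTED_NAME = "quick access to chat gpt"  # name given in the article


def audit_manifest(manifest):
    """Return sorted finding labels for one parsed extension manifest.json."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V3 lists hosts under host_permissions; V2 mixes them into permissions.
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    findings = set()
    # chrome.cookies only returns cookies for hosts the extension may access,
    # so the risky combination is "cookies" plus a wide or Facebook host grant.
    if "cookies" in perms:
        if hosts & BROAD_HOSTS:
            findings.add("cookies+all-sites")
        if any("facebook.com" in h for h in hosts):
            findings.add("cookies+facebook")
    # Real manifests may localize the name (__MSG_...__); this only
    # catches the literal string.
    if manifest.get("name", "").strip().lower() == REPORTED_NAME:
        findings.add("reported-name")
    return sorted(findings)


def audit_all(manifests):
    """Map extension id -> findings, skipping extensions with no findings."""
    results = {ext: audit_manifest(m) for ext, m in manifests.items()}
    return {ext: f for ext, f in results.items() if f}


# Constructed sample manifests (not copied from any real extension).
SAMPLES = {
    "ext-a": {"manifest_version": 3, "name": "Sample AI helper",
              "permissions": ["cookies", "storage"],
              "host_permissions": ["<all_urls>"]},
    "ext-b": {"manifest_version": 2, "name": "Sample tab tool",
              "permissions": ["cookies", "*://*.facebook.com/*"]},
    "ext-c": {"manifest_version": 3, "name": "Sample notes",
              "permissions": ["storage"],
              "host_permissions": ["https://example.com/*"]},
    "ext-d": {"manifest_version": 3, "name": "Quick access to Chat GPT",
              "permissions": ["storage"]},
}

if __name__ == "__main__":
    for ext_id, findings in audit_all(SAMPLES).items():
        print(ext_id, ", ".join(findings))
```

A finding is a prompt for review, not proof of malice: many legitimate extensions request the same permissions.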
Hackers capitalize on the popularity of ChatGPT
The release of ChatGPT created a lot of buzz around artificial intelligence. The potential of the chatbot to be used across multiple industries has been a major turning point for the tech industry. However, the massive popularity has also attracted interest from hackers.
Since OpenAI released ChatGPT last year, hackers have been taking advantage of the chatbot’s popularity to release fake versions of the chatbot. Unsuspecting users are lured into installing these chatbots, exposing them to malware.
In February this year, a report by Cyble said that there was a social engineering campaign revolving around the popularity of ChatGPT. This campaign relied on an unofficial ChatGPT social media page that directed users to fake domains that download information stealer tools such as Aurora, Lumma, and RedLine.
Malicious ChatGPT applications are also being downloaded from the Google Play Store and other third-party app stores on Android devices. These apps install the SpyNote malware on people’s devices, compromising the many Android users who use these app stores.
Last week, Bitdefender also released a report highlighting the growing risk of malicious ChatGPT applications. In the report, Bitdefender said that the success of OpenAI’s chatbot had attracted much interest from threat actors. These threat actors are using this technology to conduct investment scams that are sophisticated and targeted in nature. Unsuspecting internet users have ended up using the malicious versions of this chatbot after being lured by threat actors.