Google has removed a fake Chrome browser extension from the official Web Store after it was discovered that it was being used to steal Facebook session cookies and hijack accounts. The extension, called "ChatGPT For Google," was a trojanized version of a legitimate open-source browser add-on and had garnered over 9,000 installations since its upload on February 14, 2023. The extension was distributed through malicious sponsored Google search results that redirected users searching for "Chat GPT-4" to fraudulent landing pages. Once installed, the extension appeared to provide enhanced search engine functionality. It also covertly activated a process to capture Facebook-related cookies and send them to a remote server in an encrypted form. With the victim's cookies, the attackers could take control of their Facebook account, change the password, alter the profile name and picture, and use it to disseminate extremist propaganda.
This incident is another reminder of the importance of security testing, and it marks the second fake ChatGPT Chrome browser extension found in the wild that was used to steal Facebook account information. Cybercriminals have proven adept at quickly adapting their campaigns to exploit the popularity of ChatGPT to distribute malware and conduct opportunistic attacks. The potential uses for a hijacked Facebook account are vast, including using the profile as a bot for promotional activities, creating pages and advertisement accounts under the victim's identity, and promoting both legitimate and illegitimate services. Users must exercise caution and maintain up-to-date security measures to protect themselves against these kinds of threats.
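For defenders reviewing installed extensions, the following added example (not code from the article or from the extension) flags manifests whose declared permissions would allow reading Facebook cookies. It assumes the extension relied on Chrome's `cookies` API permission together with host access, which the article does not state; the sample manifests and their names are constructed.

```python
import re

# Host match patterns that cover every site, facebook.com included.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Match patterns whose host is facebook.com or one of its subdomains.
FACEBOOK_HOST = re.compile(r"^(\*|https?)://(\*\.)?([a-z0-9-]+\.)*facebook\.com/", re.I)


def host_patterns(manifest):
    """Collect host match patterns from a Manifest V2 or V3 manifest."""
    declared = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    # Manifest V2 mixes API names and host patterns in "permissions";
    # keep only the entries that are host patterns.
    return [p for p in declared
            if isinstance(p, str) and ("://" in p or p == "<all_urls>")]


def audit_manifest(manifest):
    """Report whether declared permissions allow reading Facebook cookies."""
    has_cookies_api = "cookies" in manifest.get("permissions", [])
    patterns = host_patterns(manifest)
    facebook = [p for p in patterns if FACEBOOK_HOST.match(p)]
    broad = [p for p in patterns if p in BROAD_PATTERNS]
    return {
        "name": manifest.get("name", "<unnamed>"),
        "cookies_api": has_cookies_api,
        "facebook_hosts": facebook,
        "broad_hosts": broad,
        "can_read_facebook_cookies": has_cookies_api and bool(facebook or broad),
    }


def flagged(manifests):
    """Names of extensions that warrant manual review."""
    return [r["name"] for r in map(audit_manifest, manifests)
            if r["can_read_facebook_cookies"]]


# Constructed sample manifests (not taken from any real extension).
SUSPECT = {"manifest_version": 3, "name": "search-helper (constructed)",
           "permissions": ["storage", "cookies"],
           "host_permissions": ["https://www.google.com/*", "*://*.facebook.com/*"]}
LEGACY_BROAD = {"manifest_version": 2, "name": "legacy (constructed)",
                "permissions": ["cookies", "<all_urls>"]}
BENIGN = {"manifest_version": 3, "name": "notes (constructed)",
          "permissions": ["storage"],
          "host_permissions": ["https://notes.example/*", "https://notfacebook.com/*"]}

if __name__ == "__main__":
    for name in flagged([SUSPECT, LEGACY_BROAD, BENIGN]):
        print("review:", name)
```

A flag here means the extension is capable of cookie access, not that it is malicious; a search helper has no obvious need for it, which is what makes the combination worth a closer look.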