In an alarming turn of events, cybercriminals have launched a new strategy to spread malware: creating fake websites that use the ChatGPT name as a decoy to steal Facebook cookies.

These sites, designed to infect systems with malware, have mostly been operational for short periods of time. Recently, however, one in particular was discovered that caught the attention of security experts.

The site in question features the name of ChatGPT in its URL and offers a tool supposedly based on the code of the popular chatbot, but for marketing and advertising purposes.

Using sophisticated SEO and digital marketing techniques, hackers have managed to increase the reputation of these pages to gain greater visibility on the web.

Fake ChatGPT extensions are especially attractive to criminals because generative AI keeps expanding into new fields of application, which allows them to rank pages related to OpenAI's generative AI.

The main goal of these attackers is to gain unauthorized access to the Facebook accounts of the victims.

To achieve this, they take advantage of cookies, which are small files that store information and allow sessions to be kept open on a device.

This means that users do not need to manually enter their credentials each time they want to access their accounts. However, if an attacker gains access to Facebook’s cookies on a computer, he can use them to perform actions on the user’s behalf without the user’s consent.

In this particular case, cybercriminals seek to get victims to download a malicious application that is installed as an extension for Google Chrome, granting the attackers access to the browser’s cookies.

This gives them the ability to take different types of actions on the compromised account.

The deception occurs when the person downloads and installs the fake tool from the website, which, it should be mentioned, has been taken down. In doing so, the victim inadvertently installs malicious code that runs as a hidden browser extension.

When the download button is clicked and the indicated password (“888”) is entered, a file named “GPT4_V2_1.7_Setup.rar” is downloaded.

However, this file is not what it seems, as it is actually a file used to install software on Windows systems, with the ability to remove, modify, and even update programs.

Once this process is complete, a window will open in the Google Chrome browser that redirects the victim to the official ChatGPT site.

However, what the victim does not know is that a malicious extension has been installed on their computer and remains hidden, since no interface is provided for viewing it.

The research team has identified that within the folder created on the device, there is a file that corresponds to an extension that seeks to access all Facebook cookies stored in Google Chrome.

Specifically, it collects information related to cookies stored in the victim’s browser and sends it to the attacker, granting him access to the Facebook account and compromising the victim’s identity.
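The combination described above, an extension with no visible interface that can read Facebook cookies, can be checked for in an extension's `manifest.json`. The following is an added example, not code from the article or the research team: the function names and both sample manifests are constructed, and the "no interface" test is an assumed heuristic.

```python
import json

# Hosts whose cookies the article says the extension targeted.
TARGET_HOSTS = ("facebook.com", "www.facebook.com")
HOST_KEYS = ("permissions", "optional_permissions",
             "host_permissions", "optional_host_permissions")
UI_KEYS = ("action", "browser_action", "page_action", "options_page", "options_ui")

def pattern_covers_host(pattern, host):
    """True if a Chrome match pattern grants access to `host` over http(s)."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # an API name such as "cookies", not a host pattern
    scheme, rest = pattern.split("://", 1)
    if scheme not in ("*", "http", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def audit_manifest(manifest_text):
    """Flag a manifest that pairs the cookies API with access to a target host."""
    m = json.loads(manifest_text)
    # MV2 lists host patterns under "permissions"; MV3 under "host_permissions".
    declared = [p for k in HOST_KEYS for p in m.get(k, []) if isinstance(p, str)]
    hosts = [p for p in declared
             if any(pattern_covers_host(p, h) for h in TARGET_HOSTS)]
    has_cookies = "cookies" in declared
    # Assumption: "no toolbar button and no options page" approximates "hidden".
    no_ui = not any(k in m for k in UI_KEYS)
    return {"name": m.get("name"), "cookies_api": has_cookies,
            "matching_hosts": hosts, "no_ui": no_ui,
            "flag": has_cookies and bool(hosts)}

# Constructed sample manifests (not taken from the campaign).
SAMPLE_SUSPECT = json.dumps({
    "manifest_version": 2, "name": "constructed-suspect", "version": "1.0",
    "permissions": ["cookies", "*://*.facebook.com/*"],
    "background": {"scripts": ["bg.js"]}})
SAMPLE_BENIGN = json.dumps({
    "manifest_version": 3, "name": "constructed-benign", "version": "1.0",
    "permissions": ["storage"], "host_permissions": ["https://example.org/*"],
    "action": {"default_popup": "popup.html"}})

if __name__ == "__main__":
    for text in (SAMPLE_SUSPECT, SAMPLE_BENIGN):
        print(audit_manifest(text))
```

A flagged manifest is a lead for review rather than a verdict, since legitimate extensions also request the cookies API with broad host access.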

As cybercrime becomes more sophisticated, it is critical that users be vigilant and take precautions when downloading any type of software or extension.

It is recommended to verify the authenticity of sources before providing sensitive information or installing programs on devices. Staying informed and having up-to-date security solutions is critical to protecting yourself from increasingly inventive and dangerous online threats.