Date: 2023-03-15

A fake ChatGPT-branded extension for Chrome, Google's well-known browser, has been discovered that is capable of hijacking Facebook accounts and creating administrator accounts. This is nothing other than one of several methods cybercriminals use to distribute malware, and one of the best known.

How does this malicious Chrome extension work?

“By hijacking high-profile Facebook business accounts, an attacker creates an elite Facebook bot and a malicious paid advertising apparatus,” said Guardio Labs researcher Nati Tal in a technical report, adding, “This allows it to serve paid Facebook ads at the expense of its victims similar to a self-paying worm.”

The “GPT Chat Quick Access” extension, which appears to have attracted 2,000 installs per day since March 3, 2023, was removed from the Chrome Web Store by Google on March 9, 2023.

The browser add-on was promoted through sponsored posts on Facebook and, although it offers the possibility to connect to the ChatGPT service, it is also designed to stealthily collect cookies and Facebook account data using an already active and authenticated session.

This is achieved by using two fake Facebook applications – portal and msg_kig – to maintain backdoor access and gain full control over target profiles. The process of adding apps to Facebook accounts is fully automated.

The hijacked Facebook business accounts are then used to advertise the malware, further propagating the scheme and effectively expanding the collection of compromised accounts.

The development comes as bad actors capitalize on the immense popularity of OpenAI’s ChatGPT since its release late last year, creating fake versions of the AI chatbot and tricking unsuspecting users into installing them (after all, the code is open source, technically within anyone’s reach).

Last month, Cyble revealed a social engineering campaign that relied on an unofficial ChatGPT social media page to direct users to malicious domains that download information stealers such as RedLine, Lumma and Aurora.

Fraudulent ChatGPT applications have also been seen distributed through the Google Play Store and third-party Android app stores, bringing the SpyNote malware onto people’s devices.

“Unfortunately, the success of the viral AI tool has also attracted the attention of scammers who use the technology to conduct highly sophisticated investment scams against unwary internet users,” Bitdefender revealed last week.

“I downloaded it, should I remove it?”

Needless to say: absolutely yes!

Although Google has removed this bogus extension that mimicked ChatGPT from the Chrome Web Store, it is still important to get rid of the extension yourself: you never know whether its operators will somehow work around its absence from the store. Difficult, but not impossible.
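To see which installed extensions hold the access needed to read Facebook session cookies, the following added example (not from the original article or from Guardio Labs) scans a Chrome profile's `Extensions` folder and flags manifests that request both the `cookies` API and host access covering facebook.com. The function names, the `review` heuristic and the two sample manifests are assumptions constructed for illustration; a flagged extension deserves a closer look, not automatic removal.

```python
import json
import tempfile
from pathlib import Path

def covers_facebook(pattern):
    """True if a manifest match pattern includes facebook.com hosts."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # an API permission name such as "cookies", not a host
    host = pattern.split("://", 1)[1].split("/", 1)[0].lower()
    host = host[2:] if host.startswith("*.") else host
    return host == "*" or host == "facebook.com" or host.endswith(".facebook.com")

def audit_manifest(manifest):
    """Report whether a manifest can read cookies of a Facebook session."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # MV2 lists host patterns in "permissions"; MV3 uses "host_permissions".
    hosts = perms + manifest.get("host_permissions", [])
    facebook = any(covers_facebook(h) for h in hosts)
    return {"name": manifest.get("name", "?"),
            "facebook_hosts": facebook,
            "cookies_api": "cookies" in perms,
            "review": facebook and "cookies" in perms}

def scan_extensions(extensions_dir):
    """Audit each <id>/<version>/manifest.json in a profile's Extensions dir."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        findings.append({"id": path.parts[-3], **audit_manifest(manifest)})
    return findings

def demo():
    """Run the scan over two constructed manifests (not real extensions)."""
    samples = {
        "aaaa": {"name": "Constructed chat helper", "permissions": ["cookies"],
                 "host_permissions": ["https://*.facebook.com/*"]},
        "bbbb": {"name": "Constructed dark theme", "permissions": ["storage"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            folder = Path(tmp, ext_id, "1.0_0")
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps(manifest))
        return scan_extensions(tmp)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To audit a real profile, call `scan_extensions()` with the path to that profile's `Extensions` directory instead of running `demo()`.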

Secondly, given that the bogus extension targeted Facebook accounts: immediately change your password (choosing a strong one), and look for any logins you don’t recognize and remove them immediately (this is done from the Facebook settings).

Installing a good ad blocker can also help a little: this extension, not surprisingly, exploited malicious advertising, and if the ads do not appear, they cannot “get” you.

Unfortunately, you have to be careful when browsing the internet. Remember that even seemingly innocent posts can hide unexpected pitfalls: even posts about your zodiac sign could be used against you, firstly because many people use their sign as a password, and secondly because it gives a clue about your date of birth (sensitive data that can be used to “recover” accounts).

Having said that: keep an eye out and happy surfing!