Fake ChatGPT Chrome Browser Extension Hijacking Facebook Accounts
A fake ChatGPT Chrome browser extension has been found to hijack Facebook accounts and create rogue admin accounts for malicious advertising purposes.
The extension, called “Quick Access to Chat GPT,” has been promoting itself through sponsored posts on Facebook and has attracted 2,000 installations per day since March 3, 2023.
Google pulled the malicious add-on from the Chrome Web Store as of March 9, 2023.
Guardio Labs researcher Nati Tal has warned that the hijacking of high-profile Facebook business accounts by the extension creates an elite army of Facebook bots, which allows it to push Facebook paid ads in a self-propagating, worm-like manner.
The threat actor behind the fake ChatGPT extension achieves this by using two bogus Facebook applications, portal and msg_kig, to maintain backdoor access and obtain full control of the target profiles.
This process of adding the apps to the Facebook accounts is fully automated, making it easier for the malware to spread.
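For defenders who want to check an endpoint for the extension named above, the following is an added example, not code from Guardio Labs or the original report. It assumes Chrome's on-disk layout of `<profile>/Extensions/<id>/<version>/manifest.json` and that the manifest display name matches the name given in the article; the extension IDs in the sample tree are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

SUSPECT_NAME = "Quick Access to Chat GPT"  # name from the article; assumed to match the manifest

def normalize(s):
    return re.sub(r"[^a-z0-9]", "", s.lower())  # ignore case, spacing, punctuation

def display_name(vdir):
    """Read manifest.json; resolve a localized __MSG_key__ name via _locales."""
    manifest = json.loads((vdir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    if m:
        path = vdir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        msgs = json.loads(path.read_text(encoding="utf-8-sig"))
        for key, entry in msgs.items():
            if key.lower() == m.group(1).lower():  # message keys are case-insensitive
                return entry.get("message", name)
    return name

def find_suspect_extensions(root, suspect=SUSPECT_NAME):
    """Scan an Extensions directory; return (id, version, name) for each match."""
    hits = []
    for vdir in sorted(p.parent for p in Path(root).glob("*/*/manifest.json")):
        try:
            name = display_name(vdir)
        except (OSError, ValueError, AttributeError, TypeError):
            continue  # unreadable or malformed manifest/messages file
        if normalize(suspect) in normalize(name):
            hits.append((vdir.parent.name, vdir.name, name))
    return hits

def build_constructed_profile(root):
    """Write a constructed Extensions tree with made-up IDs (not real IoCs)."""
    samples = {"a" * 32: ({"name": "__MSG_appName__", "default_locale": "en"},
                          {"appname": {"message": "Quick Access to Chat GPT"}}),
               "b" * 32: ({"name": "Example Notes"}, {})}
    for ext_id, (manifest, messages) in samples.items():
        loc = Path(root) / ext_id / "1.0_0" / "_locales" / "en"
        loc.mkdir(parents=True)
        (loc.parents[1] / "manifest.json").write_text(json.dumps(manifest))
        (loc / "messages.json").write_text(json.dumps(messages))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_suspect_extensions(build_constructed_profile(tmp)))
```

To use it on a real machine, pass the `Extensions` directory of each Chrome profile to `find_suspect_extensions` instead of the constructed tree.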
Threat actors are increasingly taking advantage of the popularity of OpenAI’s ChatGPT to create fake versions of the AI chatbot and trick unsuspecting users into installing them.
In addition to the fake ChatGPT Chrome extension, fake ChatGPT apps have also been spotted in the Google Play Store and other third-party Android app stores, which distribute SpyNote malware to people’s devices.
The development comes as fraudsters use the viral AI tool to conduct highly sophisticated investment scams against unwary internet users.
Last month, Cyble reported a social engineering campaign that used an unofficial ChatGPT social media page to direct users to malicious domains that download information stealers, such as RedLine, Lumma, and Aurora.
Bitdefender also warned last week about the rise of investment scams that use the technology.