A tampered version of the popular legitimate ChatGPT Chrome extension steals Facebook accounts. It managed to infiltrate 9,000 computers through the Chrome Web Store.
The extension is a copy of the popular legitimate Chrome extension named “ChatGPT for Google”, which integrates ChatGPT into search results.
However, this malicious version includes additional code that attempts to steal Facebook cookies.
The publisher of the malicious extension uploaded it to the Chrome Web Store on February 14, 2023, but started promoting it using Google Search ads only on March 14, 2023. Since then, it has averaged a thousand installs per day.
The researcher who discovered it, Nati Tal of Guardio Labs, reports that the extension communicates with the same server used earlier this month by a similar Chrome extension, which had amassed 4,000 downloads before Google removed it from the Chrome Web Store.
Therefore, this new variant is considered part of the same campaign, which the operators kept as a backup in the Chrome Web Store and activated when the first extension was taken down.
The malicious extension is promoted via ads in Google Search results when searching for “Chat GPT4”.
Clicking on the sponsored results takes users to a fake “ChatGPT for Google” landing page and from there to the extension's page in the official Chrome extension store.
After the victim installs the extension, they get the promised functionality (embedding ChatGPT in search results), as the code of the legitimate extension still exists. However, the malicious plugin also attempts to steal cookies for Facebook accounts.
These stolen cookies allow fraudsters to log into the victim's Facebook account and gain full access to their profiles.
The malicious extension is no longer available in the Chrome Web Store but some victims have already been harmed. Check immediately if you are among them.
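One way to run that check on a Chrome profile, as an added example that is not from the original article or from Guardio Labs: it lists installed extensions whose manifest requests the `cookies` permission together with host access covering facebook.com. The article gives no extension ID, so this is a permission heuristic; the profile path you pass in and the two sample manifests are assumptions.

```python
import json
import sys
from pathlib import Path

# Constructed sample manifests (not taken from any real extension).
SAMPLE_RISKY = {"name": "Sample search helper", "manifest_version": 3,
                "permissions": ["cookies", "storage"],
                "host_permissions": ["https://*.facebook.com/*"]}
SAMPLE_BENIGN = {"name": "Sample notes", "manifest_version": 3,
                 "permissions": ["storage"],
                 "host_permissions": ["https://example.com/*"]}

PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")

def covers_facebook(pattern: str) -> bool:
    """True if a match pattern grants access to facebook.com hosts."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # an API permission name, not a host pattern
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    return host in ("*", "facebook.com") or host.endswith(".facebook.com")

def audit_manifest(manifest: dict) -> bool:
    """True if the extension could read Facebook cookies via chrome.cookies."""
    declared = []
    for key in PERMISSION_KEYS:  # Manifest V2 keeps host patterns in "permissions"
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    return "cookies" in declared and any(covers_facebook(p) for p in declared)

def scan_profile(profile_dir) -> list:
    """Return (extension_id, version, name) for each flagged extension."""
    hits = []
    # Chrome unpacks extensions to <profile>/Extensions/<id>/<version>/
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if isinstance(manifest, dict) and audit_manifest(manifest):
            hits.append((path.parts[-3], path.parts[-2], str(manifest.get("name", "?"))))
    return hits

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a Chrome profile directory (assumed argument)
        for ext_id, version, name in scan_profile(sys.argv[1]):
            print(f"{ext_id}  {version}  {name}")
    else:
        print(audit_manifest(SAMPLE_RISKY), audit_manifest(SAMPLE_BENIGN))
```

Legitimate extensions can also match, so treat each hit as something to review against what you knowingly installed rather than as proof of compromise.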