Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
544
3,920
1,369
Australia
Content source
https://thehackernews.com/2023/03/fake-chatgpt-chrome-extension-hijacking.html
A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware.

"By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio Labs researcher Nati Tal said in a technical report.

"This allows it to push Facebook paid ads at the expense of its victims in a self-propagating worm-like manner."

The "Quick access to Chat GPT" extension, which is said to have attracted 2,000 installations per day since March 3, 2023, has since been pulled by Google from the Chrome Web Store as of March 9, 2023.
Click to expand...
thehackernews.com

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

A fake ChatGPT Chrome browser extension has been found to hijack Facebook accounts and create rogue admin accounts.
thehackernews.com thehackernews.com
 
  • Like
  • Thanks
Reactions: [correlate], Trident, oldschool and 2 others
A fake ChatGPT extension named “Quick access to ChatGPT” has been found to hijack Facebook business accounts. The extension injects malicious code into the Facebook pages of targeted businesses, allowing attackers to gain unauthorized access to the accounts and take over their management functions. This has led to multiple businesses reporting similar incidents of unauthorized access.
Click to expand...
blog.zonealarm.com

Fake ChatGPT browser extension is hijacking Facebook Business accounts | ZoneAlarm Security Blog

A significant number of people downloaded a fake Chrome browser extension for ChatGPT. Unfortunately, the extension was actually malicious.
blog.zonealarm.com blog.zonealarm.com
 
  • Like
Reactions: MuzzMelbourne, Gandalf_The_Grey, EascapenMatrix and 2 others
oldschool said:
This is just another example showing it's risky adding "convenience" extensions, which only increase attack surface and open you up to outright fakes like this one.

Stay simple and stay safe. Word! (y):cool:
Click to expand...
Threat actors exploit fads. Fads are treasure for them. Easy low-hanging fruits. Humans are such easy prey.
 
You must log in or register to reply here.

You may also like...