Facebook Accounts Hacked by Fake ChatGPT Posing as Browser Extension
How Fake ChatGPT Chrome Browser Extension Was Used To Hack Facebook Accounts
Cybercriminals don’t seem to lack ideas for hacking people’s accounts. This time, they created a fake ChatGPT Chrome browser extension and used it to hack numerous Facebook accounts. It wasn’t an isolated case; there are other examples. So, let’s see how the threat actors did it.
Cybercriminals, or better to say threat actors, somehow managed to get a fake ChatGPT Chrome browser extension onto the official Web Store. They then placed malicious sponsored ads that led people to install this fake extension. People weren’t suspicious of the extension, and in a short time there were 9000 installations.
The fake ChatGPT Chrome browser extension was promoted as an add-on that would enhance ChatGPT search engines. However, the extension was able to capture the Facebook cookies of everyone who installed it. After capturing the cookies, it encrypted them and exfiltrated them to a remote server.
Once they had the Facebook cookies of people who were still unaware of what was going on, the cybercriminals took control of their Facebook accounts and changed the passwords, profile names and pictures. Those accounts were mostly used to promote extremist propaganda.
The Hijacking In Short
Here is how the hijacking of Facebook accounts happened, in short:
- Malicious sponsored search result infiltrated into Google Search
- People searched for ChatGPT 4
- Malicious sponsored search result was somewhere at the top of the search result
- Person clicked on that malicious sponsored ad
- The extension was downloaded from the official store
- The browser extension was installed
- The fake extension stole Facebook session cookies
- The fake extension sent those cookies to the cybercriminals
- Facebook accounts compromised
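The cookie-theft step above depends on what an installed extension is permitted to do. As an added example (not code from this article or from the campaign), the following Python script flags extension manifests that combine the `cookies` permission with a host permission covering Facebook, which is what Chrome's `chrome.cookies` API requires to read a site's cookies. That the fake extension used this API is an assumption, and the sample manifests and their names are constructed.

```python
WATCHED_DOMAIN = "facebook.com"  # assumption: the site whose session cookies we protect

def grants_host(pattern: str, domain: str) -> bool:
    """True if a Chrome match pattern gives access to `domain` or a subdomain."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False  # plain API permissions such as "storage" end up here
    host = rest.split("/", 1)[0]
    if host == "*":
        return True
    wildcard = host.startswith("*.")
    base = host[2:] if wildcard else host
    if base == domain or base.endswith("." + domain):
        return True
    # A wildcard on a parent domain also covers the watched domain.
    return wildcard and domain.endswith("." + base)

def can_read_cookies(manifest: dict, domain: str = WATCHED_DOMAIN) -> bool:
    """chrome.cookies needs the "cookies" permission plus a matching host permission."""
    perms = manifest.get("permissions", [])
    # Manifest V3 lists hosts in "host_permissions"; V2 mixes them into "permissions".
    hosts = list(manifest.get("host_permissions", [])) + list(perms)
    return "cookies" in perms and any(grants_host(p, domain) for p in hosts)

def flag_extensions(manifests: dict) -> list:
    """Return the names of extensions able to read cookies for the watched domain."""
    return sorted(name for name, m in manifests.items() if can_read_cookies(m))

# Constructed sample manifests (not taken from any real extension).
SAMPLES = {
    "sample-a-mv3": {"manifest_version": 3, "permissions": ["cookies", "storage"],
                     "host_permissions": ["https://*.facebook.com/*"]},
    "sample-b-mv2": {"manifest_version": 2,
                     "permissions": ["cookies", "<all_urls>"]},
    "sample-c-no-cookies": {"manifest_version": 3, "permissions": ["storage"],
                            "host_permissions": ["https://www.facebook.com/*"]},
    "sample-d-other-host": {"manifest_version": 3, "permissions": ["cookies"],
                            "host_permissions": ["https://example.org/*"]},
}

if __name__ == "__main__":
    for name in flag_extensions(SAMPLES):
        print("review:", name)
```

A flagged extension is not necessarily malicious; the result is a shortlist of extensions whose stated purpose should justify that level of access.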
How Did Google Detect The Fake ChatGPT
More than 9000 installations in a short time is a huge success for cybercriminals, because it meant over 9000 hacked Facebook accounts, which were used mostly for extremist propaganda.
However, this fake ChatGPT browser extension wasn’t detected until a second fake ChatGPT browser extension appeared with the same intent: to steal Facebook accounts. This second fake extension was promoted on social media.
The Second Fake “Quick access to ChatGPT extension”
The second fake ChatGPT browser extension is called “Quick access to ChatGPT extension” and was promoted via Facebook ads. These ads were run from already hacked Facebook accounts, mostly business accounts.
This was indeed a well-designed hijacking operation, using already hacked accounts to hack even more profiles. Moreover, the attackers were even able to create fake admin accounts thanks to the stolen cookies.
Other Detected Examples of ChatGPT Misuse
AI tools quickly became popular, especially ChatGPT. It’s no wonder that threat actors used it to hack accounts. Cyble Research and Intelligence Labs (CRIL) has already detected cases in which ChatGPT was used to distribute malware.
CRIL says that there was an unofficial social media page devoted to ChatGPT that led users to malicious domains that automatically send information to stealers, especially Aurora, Lumma, and RedLine. There are also some fraudulent ChatGPT apps, even in the Google Play Store, that were pushing SpyNote malware onto people’s devices.
Check Twice Before You Click
Technology is surely progressing fast. However, we mustn’t forget that there are cybercriminals and threat actors who want to hack our accounts for various reasons. Even though there are protection strategies and agencies that look for malware, we as users shouldn’t be careless.
This should be a warning to all of us to check twice, or even thrice, before clicking on something on the internet. It’s better to be suspicious and cautious, because we never know whether something is just click-bait meant to lure us in and steal from us.