Many hackers are taking advantage of the huge popularity of the ChatGPT AI chatbot as a way to lure their victims.
Guardio Labs, which specializes in digital security solutions, said it found a fake Chrome extension that claims to incorporate ChatGPT answers into Google search results, when in reality the extension hacks into victims’ Facebook accounts.
The fake extension exploits the Chrome Extensions API to steal active cookies for Facebook accounts and send their data to attackers’ servers. Once in possession of that data, hackers can access Facebook accounts, change account information, and turn victims’ profiles into fake ones that are used to spread malicious ads and extremist propaganda.
The company said the attackers took advantage of the chatbot’s huge popularity to lure their victims. The attackers worked to spread the malicious addition through advertisements that appeared to those looking for “ChatGPT 4” inviting them to try the latest version of it.
According to the company, the malicious extension has been downloaded more than 9,000 times since it was made available on February 14. She stated that what makes the plugin unquestionable is that it works properly. The attackers developed the malicious add-on based on the source code of a similar legitimate add-on that is available in open source form.
The company added that the extension was still available in the Chrome Web Store between February 14 and March 22, the date that Google removed the extension from its store immediately after its discovery.
Guardio Labs said that this is not the first time it has discovered an add-on targeting ChatGPT seekers, as it had previously revealed a similar add-on that the attackers had posted ads on both Facebook and Google.
The company warned that ChatGPT’s growing popularity makes it an easy target for victims, expected similar attacks to increase, and urged users to beware of downloading any questionable add-ons, especially those promoted through web ads.