Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

Fake ChatGPT Chrome Browser Extension Caught Hijacking Facebook Accounts

admin by admin
March 23, 2023
in Ethical Hackers


Mar 23, 2023Ravie LakshmananBrowser Security / Artificial Intelligence

Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI’s ChatGPT service to harvest Facebook session cookies and hijack the accounts.

The “ChatGPT For Google” extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal. It was originally uploaded to the Chrome Web Store on February 14, 2023.

According to Guardio Labs researcher Nati Tal, the extension is propagated through malicious sponsored Google search results that are designed to redirect unsuspecting users searching for “Chat GPT-4” to fraudulent landing pages that point to the fake add-on.

Installing the extension adds the promised functionality – i.e., enhancing search engines with ChatGPT – but it also stealthily activates the ability to capture Facebook-related cookies and exfiltrate it to a remote server in an encrypted manner.

Once in possession of the victim’s cookies, the threat actor moves to seize control of the Facebook account, change the password, alter the profile name and picture, and even use it to disseminate extremist propaganda.

ChatGPT Chrome Browser

The development makes it the second fake ChatGPT Chrome browser extension to be discovered in the wild. The other extension, which also functioned as a Facebook account stealer, was distributed via sponsored posts on the social media platform.

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

If anything, the findings are yet another proof that cybercriminals are capable of swiftly adapting their campaigns to cash in on the popularity of ChatGPT to distribute malware and stage opportunistic attacks.

“For threat actors, the possibilities are endless — using your profile as a bot for comments, likes, and other promotional activities, or creating pages and advertisement accounts using your reputation and identity while promoting services that are both legitimate and probably mostly not,” Tal said.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Graphical Interface For PortEx, A Portable Executable And Malware Analysis Library

Next Post

NetCrunch 2023 Review & Best Alternatives

Next Post

NetCrunch 2023 Review & Best Alternatives

Recommended

Pay What You Want for This Collection of White Hat Hacking Courses

1 year ago

Betternet vs Surfshark: Which VPN is Best?

7 months ago

© Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.