< Back to 68k.news US front page

Fake GPT Chrome extension steals Facebook session cookies, breaks into accounts

Original source (on modern site) | Article images: [1]

This article is more than 1 year old

The world has gone ChatGPT bonkers.

Just about everyone is talking about it, and if you're not talking about it then that's because you're too busy getting ChatGPT to complete your homework, or compose the perfect email to your boss explaining why you deserve a payrise.

There's a danger though. Because of this hubbub about the extraordinary AI chatbot is inevitably going to pique the interest of this who haven't yet had a chance to try it out. And those folks may want an easy-peasy way to dip their toe into the dystopian artifical intelligence hellhole that appears to be right around the corner.

So, if you don't know how to access ChatGPT, what do you do?

Well, you might use your trusty search engine to find out how to access ChatGPT.

And that's the first risk. Because cybercriminals have poisoned Google search results with malicious webpages and sponsored ads that point to fake browser extensions that claim to give you instant, user-friendly access to ChatGPT but are actually a cover for doing something much more malicious instead.

As security researchers at Guardio Labs describe, scammers managed to plant a scam browser extension into the official Chrome store that claimed to be for "Chat GPT 4."

And the malicious extension steals your computer's Facebook-related cookies and silently squirrels them away to the hacker, who can then seize control of your business's Facebook page.

Once they've gained access to your company's Facebook account, passwords can be changed (locking out the genuine owner), and the official Facebook page of your business hijacked to spread disinformation, scams, spam… effectively whatever the hacker wants.

Google says it has now removed the extension from its Chrome Web Store, as well as the malicious ads in its search results. However, it wouldn't be a surprise if similar attempts were made to exploit the interest in ChatGPT sooner rather than later.

Don't forget - browser extensions and add-ons have an enormous amount of power. If you install a rogue extension, everything you do in your browser could be compromised.

< Back to 68k.news US front page