"Fake ChatGPT for Google Extension Hijacks Facebook Accounts"

Guardio Labs researchers discovered that a new Chrome extension that promises to enhance users' Google searches with ChatGPT also leads to compromised Facebook accounts. While this method is not new, the extension worked as claimed. The Artificial Intelligence (AI)-driven chatbot ChatGPT has gained immense popularity. People must create a free account to use it, and they can later upgrade to a paid version to gain access to more features. To avoid paying for additional features or when searching for a (now nonexistent) desktop or mobile ChatGPT app, users may fall victim to scams claiming to provide what they seek for free. When visitors search for ChatGPT via Google Search, they are served with a malicious sponsored ad that sends them to a fake ChatGPT for Google landing page and then to the malicious extension on the official Chrome Store. This extension is a copy of the popular open-source extension "ChatGPT for Google," but it can also perform malicious activities. According to researchers, the extension abuses the Chrome Extension Application Programming Interface (API) in order to obtain a list of Facebook-related session cookies. Guardio Labs reports that the extension was downloaded more than 9,000 times before Google removed it, indicating that many Facebook accounts have been hijacked. This article continues to discuss the fake ChatGPT extension leading to compromised Facebook accounts.

Help Net Security reports "Fake ChatGPT for Google Extension Hijacks Facebook Accounts"