"Fake ChatGPT Chrome Extension Pilfers Facebook Accounts"
Researchers at the cybersecurity firm Guardio discovered that a malicious browser extension called "Quick access to Chat GPT" tries to hijack Facebook accounts and distribute itself in a "worm-like" fashion. Additionally, the extension collects browser cookies, including security and session tokens, for services such as YouTube, Google, and Twitter. The extension's selling point was its ability to allow users to quickly use the ChatGPT bot directly from their browser. The extension developers even connected users to an official ChatGPT Application Programming Interface (API). The attackers focused on Facebook users with prominent business profiles. These accounts would be taken over by threat actors, letting their army of self-replicating bots to promote themselves with advertisements funded by the victim's company account. Researchers emphasize that the attack is sophisticated since the threat actors took time to give users the advertised functionality in the extension's description. Once installed, a popup window appears in the browser, allowing the user to prompt ChatGPT as advertised. This article continues to discuss the malicious ChatGPT extension for Google Chrome that targeted high-value Facebook accounts to push paid ads at the expense of its victims
Cybernews reports "Fake ChatGPT Chrome Extension Pilfers Facebook Accounts"