ChatGPT remained a massive solution provider in the world of AI till cyber criminals found it too interesting to ignore. The discovery of an adulterated ChatGPT chrome browser extension with Facebook account hijack capabilities has prompted cybersecurity experts to sensitize the public. A Guardio Labs researcher discovered that the threat actors create groups of Facebook bots and malicious media devices to hijack high-profile Facebook business accounts and create rogue admin accounts. By doing so, they could push Facebook ads at the victims’ expense to propagate their agenda.
On March 9, 2023, Google took action against the adulterated extension “Quick access to Chat GPT” by pulling it down from the Chrom Web Store; nevertheless, the record revealed over 2000 daily installations since March 3, 2023.
Through an entirely automated process, threat actors engage two fake Facebook applications (portal and msg_kig) in maintaining backdoor access and obtaining complete target profile control. The threat actors entice victims with facebook-sponsored posts revealing the extension’s ability. They keep them by ensuring the extension connects perfectly to the ChatGPT service to prevent victims from realizing background activities, including harvesting cookies and Facebook account data through an active, authenticated session. The advertisement process continues using the hijacked Facebook business account.
On March 9, 2023, Google removed the malicious extension “Quick access to Chat GPT” from the Chrome Web Store. However, it has been installed over 2000 times daily since March 3, 2023. The threat actors engaged in an automated process where they used two fake Facebook applications, portal and msg_kig, to maintain backdoor access and gain complete control over the target profile. They enticed victims with Facebook-sponsored posts revealing the extension’s ability and kept them by ensuring it connected perfectly to the ChatGPT service. They also harvested cookies and Facebook account data through an active, authenticated session without the victims realizing it, and they continued the advertisement process using the hijacked Facebook business account.
Although ChatGPT has seen tremendous success, popularity, and implementations in the last few months, Bitdefender, in a report, disclosed the challenges accompanying the success of ChatGPT.
“Unfortunately, the success of the viral AI too has also attracted the attention of fraudsters using the technology to conduct highly sophisticated investment scams against unwary internet users.”
Cybel also revealed the use of an unofficial ChatGPT social media page in directing users to malicious domains that auto-download stealer malware, like Lumma and Aurora, in an ongoing social engineering campaign. It is eminent for AI users to take extreme caution due to the presence of fake ChatGPT apps on trusted platforms like Google Play Store.
