The malicious extension has been downloaded more than 9,000 times since it became available on February 14.
Many hackers use the huge popularity of the ChatGBT AI chatbot as a way to lure victims.
Cardio Labs, which specializes in digital security solutions, said it discovered a fake Chrome extension that claims to embed ChatGPT responses in Google search results, when in fact the extension hacks victims’ Facebook accounts.
The fake extension uses the Chrome Extensions API to steal active cookies for Facebook accounts and send their data to the attacker’s servers. Once they have that data, hackers can access Facebook accounts, change account information, and fake victim profiles that are used to spread malicious ads and extremist propaganda.
The company said the attackers used the chatbot’s huge popularity to lure victims. The attackers worked to spread the malicious add-on through ads that appeared to people searching for “ChatGPT 4”.
According to the company, the malicious extension has been downloaded more than 9,000 times since it was made available on February 14. That said, the plugin works perfectly without a doubt. Attackers build a malicious add-on based on the source code of a similar legitimate add-on available in open source form.
The company added that the extension was still available on the Chrome Web Store between February 14 and March 22, and Google removed the extension from its store immediately after its discovery.
Cardio Labs said this isn’t the first time it’s found an add-on targeting SateGBT searchers, as attackers previously revealed a similar add-on posted ads on both Facebook and Google.
ChatGPT’s growing popularity makes it an easy target for victims, with similar attacks expected to increase, and urged users to be wary of downloading any suspicious add-ons, especially those promoted through web ads.
“Professional coffee fan. Total beer nerd. Hardcore reader. Alcohol fanatic. Evil twitter buff. Friendly tv scholar.”
