security company Guardio Laboratoriesfound a copy of malware in the Chrome Web Store that used stolen Facebook session cookies to infiltrate user accounts and steal access. According to BleepingComputer, This “fake” ChatGPT extension leveraged the Chrome extension API to sniff active Facebook cookies and send the stolen data to the attacker’s servers. The hacker then logged into the Facebook account, changed the account credentials and changed the profile to the fake persona “Lily Collins”. These zombie accounts have been used to spread malicious advertising and extremist propaganda.
Most users exposed to the fake extension likely downloaded the extension via a sponsored ad on Google searches for “ChatGPT 4”, similar to attacks targeting Radeon and Bitwarden users earlier this year.
Even if you download this malicious extension, it is not easy to immediately notice something strange. Gadio Labs explained that the ChatGPT integration works in Google search results because the malicious Chrome extension uses legitimate extension code.
If you downloaded the extension from the Chrome Web Store between February 14 and March 22, chances are you’ve been exposed to a fake extension. Google’s malicious text ads started on March 14.
If ChatGPT for Google is installed on your PC and you want to check if it is a legitimate extension, click the puzzle piece icon to the right of the Chrome address bar, then click Manage extensions. Click the extension’s “Details” button, then click “Show in Chrome Web Store”. List of official extensionslists “chatgpt4google.com” as a verified developer, and extensions created by this developer have over 1 million users. Everything else is wrong.
The fake extension discovered this time is not the first fake extension to target curious ChatGPT users. Guardio Labs is responsible for the malicious extension previous versionwould have been detected. At the time, he was using Facebook marketing to attract Chrome users. Since ChatGPT is a hot topic and there are many malicious Google ads, more clones may appear in the future.
So, above all, be careful about the links you click on in Google search results and install anti-virus software. You may also consider installing an ad blocker such as uBlock Origin.
editor@itworld.co.kr
