Fake ChatGPT Browser Extension Stealing Facebook Accounts for Malicious Advertising
Cybercriminals are using a variety of tactics to spread malware, and a recent discovery reveals that they have created a fake ChatGPT-branded Chrome browser extension with the ability to hijack Facebook accounts and create unauthorized admin accounts.
The surge in popularity of OpenAI's ChatGPT since its launch late last year has provided a ripe opportunity for threat actors to create counterfeit versions of the AI chatbot to deceive unsuspecting users into downloading them.
In a recent incident, a social engineering campaign uncovered by Cyble exploited a fake ChatGPT social media page to redirect users to malicious domains that downloaded information stealers like RedLine, Lumma, and Aurora. Additionally, fake ChatGPT apps were detected on the Google Play Store and other third-party Android app stores, which facilitated the distribution of SpyNote malware to user devices.
The cybercriminals behind the fake ChatGPT Chrome extension are able to create a network of Facebook bots and a malicious paid media system by taking over high-profile Facebook business accounts. This allows them to spread Facebook paid ads and further propagate the malware.
The extension, named "Quick access to Chat GPT", had been installed 2,000 times per day since March 3, 2023, before Google removed it from the Chrome Web Store on March 9, 2023.
The fake ChatGPT Chrome extension is being advertised through Facebook-sponsored posts and claims to offer access to the ChatGPT service. However, it is actually designed to stealthily collect cookies and Facebook account information using an existing, authenticated session.
This is achieved by utilizing two fraudulent Facebook applications, portal and msg_kig, to maintain a backdoor and gain complete control over the targeted profiles. Adding the fake applications to Facebook accounts is done automatically.
The cybercriminals then use the hijacked Facebook business accounts to promote the malware, thereby increasing the number of Facebook bots under their control.
Unfortunately, the rise in ChatGPT's popularity has also attracted fraudsters who have leveraged the technology to carry out highly advanced investment scams against unwary internet users, as reported by Bitdefender last week.
If you have fallen victim to a fake ChatGPT Chrome extension that hijacked your Facebook account for malicious advertising, it is important to take immediate action to protect your personal information and prevent further damage. Here are some steps you should take:
1. Remove the malicious extension: The first step is to remove the malicious extension from your browser. Open Google Chrome and go to the Chrome menu. Select "More tools" and then click on "Extensions". Find the extension that you suspect is malicious, and click on "Remove".
2. Change your Facebook password: After removing the malicious extension, you should change your Facebook password immediately to prevent any further unauthorized access to your account. Choose a strong, unique password that you have not used before. Avoid using common words, phrases, or personal information that could be easily guessed.
3. Enable two-factor authentication: Two-factor authentication is an extra layer of security that adds an additional step to the login process. It requires a code sent to your phone or email in addition to your password. Enabling two-factor authentication on your Facebook account will make it more difficult for attackers to access your account even if they have your password.
4. Scan your computer for malware: It is possible that the malicious extension may have installed malware on your computer. Run a malware scan on your computer to detect and remove any malicious software.
5. Monitor your accounts: Keep a close eye on your Facebook account as well as other accounts that may have been linked to it, such as email or bank accounts. Look for any suspicious activity or unauthorized access.
6. Report the extension: Report the fake ChatGPT Chrome extension to Google by clicking on the three dots on the extension, then "Report abuse".
7. Educate yourself: Be wary of downloading extensions or software from untrusted sources. Always do your research and read reviews before installing anything on your computer or browser.
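A triage aid for step 1, added here as an example (not code from the original article or from any vendor): it reads the manifest.json of each installed Chrome extension and lists those that can reach a Facebook session, either through the "cookies" permission with host access covering facebook.com or through a content script that runs on facebook.com. The article does not say which permissions the fake extension requested, so these two checks are an assumption about how such access is declared in a manifest; the sample manifests are constructed.

```python
import json
import sys
from pathlib import Path

# Match patterns that cover every site, Facebook included.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def covers_facebook(pattern):
    """True if a manifest match pattern includes facebook.com hosts."""
    if pattern in BROAD:
        return True
    host = pattern.split("://", 1)[-1].split("/", 1)[0].lower()
    host = host[2:] if host.startswith("*.") else host
    return host == "facebook.com" or host.endswith(".facebook.com")

def audit_manifest(manifest):
    """List the ways this manifest lets an extension act on a Facebook session."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = perms + list(manifest.get("host_permissions", []))
    reasons = []
    if "cookies" in perms and any(covers_facebook(h) for h in hosts):
        reasons.append("cookies API on facebook.com")
    scripts = manifest.get("content_scripts", [])
    if any(covers_facebook(m) for s in scripts for m in s.get("matches", [])):
        reasons.append("content script on facebook.com")
    return reasons

def scan_extensions(ext_dir):
    """Audit <profile>/Extensions/<id>/<version>/manifest.json; return {id: finding}."""
    findings = {}
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        reasons = audit_manifest(manifest) if isinstance(manifest, dict) else []
        if reasons:
            findings[path.parts[-3]] = {"name": manifest.get("name"), "reasons": reasons}
    return findings

SAMPLES = {  # constructed manifests, not taken from any real extension
    "assistant-lookalike": {"name": "AI quick access", "permissions": ["cookies", "storage"],
                            "host_permissions": ["<all_urls>"]},
    "note-taker": {"name": "Notes", "permissions": ["storage"]},
}

if __name__ == "__main__":  # optional argument: a Chrome profile's Extensions directory
    print(scan_extensions(sys.argv[1]) if len(sys.argv) > 1
          else {k: audit_manifest(m) for k, m in SAMPLES.items()})
```

A hit means the extension has the capability, not that it is malicious; use the list to decide which extensions to inspect or remove first.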
In conclusion, if you suspect that your Facebook account has been hijacked by a fake ChatGPT Chrome extension for malicious advertising, it is crucial to take action immediately to protect your personal information and prevent further damage. Follow the steps above to safeguard your accounts and devices from future attacks.
For more information on cyber security services and cyber forensic services, connect with ANA Cyber Forensic Pvt Ltd. Call us at +91 - 9011041569