Cybersecurity firm Guardio made a discovery that a fake Chatgpt browser extension named “Quick Access to Chat GPT” has created a method to propagate itself. It works in a worm-like manner by taking over user Facebook accounts. This extension does not just spread but also steals all cookies, including security and session tokens, from the browser’s storage, such as YouTube, Google accounts, and Twitter.
The innovator of this fake Chatgpt extension promoted it as a tool to enable users to get quick ingress to the renowned ChatGPT bot directly from their browser. Additionally, they even connected users to the legitimate ChatGPT application programming interface (API).
Attack operators focused on users who had high-profile Facebook business accounts and took over these accounts to allow their self-replicating bot army to advertise itself using the victim’s business account funds.
Researchers found this attack to be sophisticated, with the threat actors ensuring that the extension delivered what it promised in the description. Once installed, a popup window appears in the browser, allowing users to prompt ChatGPT as advertised.
However, researchers also noted that the extension’s integration with the user’s browser could raise suspicions. It enables the extension to send requests to any other service as if the browser owner initiated them.
Stay safe on the internet, read our Cybersecurity guide to get started.
Story credits Tom’s guide
