A fake Chrome browser extension that used OpenAI’s ChatGPT service to gather Facebook session cookies and take over user accounts has been removed by Google from the official Web Store.
Prior to being removed, the “ChatGPT For Google” extension had amassed over 9,000 installations since March 14, 2023.
It was a trojanized version of an authentic open-source browser add-on. On February 14, 2023, it was initially posted on the Chrome Web Store.
Installing the extension activates the covert capability to secretly enable the ability to harvest Facebook-related cookies and exfiltrate them to a remote server in an encrypted way in addition to adding the functionality that was promised, i.e., augmenting search engines with ChatGPT.
Once the threat actor has the victim’s cookies, they proceed to take over the victim’s Facebook account, change the password, change the name and photo of the profile, and even use it to spread extremist propaganda.
It is now the second bogus ChatGPT Chrome browser extension to be found in the wild as a result of the development.
Sent through sponsored posts on the social media site, the other extension likewise served as a Facebook account thief.
