The security and privacy of the applications and platforms we use on the PC are key to keeping our information safe. We never know where an attack that puts our online accounts at risk will come from, as is now the case with Facebook.
Many of us most likely have accounts on several social networks and access them through the popular Google Chrome. On top of that, platforms related to Artificial Intelligence, with ChatGPT at the forefront, have grown enormously of late. We need to stay alert, because attackers can take advantage of how widely these applications and platforms are used to target us.
We mention all this because our Facebook account may be in danger right now, and the cause may be a malicious installation in Chrome. A malicious extension that imitates the legitimate ChatGPT for Google extension has been detected. Little by little, it is gaining popularity in the official browser store, the Chrome Web Store, accumulating thousands of downloads.
The main objective of this malicious extension is to steal Facebook accounts. It is a browser add-on that is actually a copy of the legitimate ChatGPT for Google extension. The original integrates AI into the search results we get from the browser.
Beware of this malicious ChatGPT extension for Chrome
The malicious version is a very different matter, because it includes additional code that tries to steal Facebook's session cookies. This would allow the attacker to take over our social network account by accessing it with our stolen credentials.
Its creators uploaded this malicious software to the Chrome Web Store on February 14, 2023. From there they began promoting it with Google Search ads, reaching thousands of installations. The ads appear in Google results when searching for ChatGPT 4; clicking the sponsored results takes users to a page from which the malicious extension can be installed in Chrome.
Once the victim installs the extension, they get the promised functionality, i.e. integration of ChatGPT into searches, since the legitimate extension code is present. But the extension also tries to steal login cookies from Facebook accounts. The malware uses the Chrome API to get a list of Facebook-related cookies and encrypts them using an AES key. The encrypted data is then sent to the attacker's server so that the social network account can be stolen.
With the stolen cookies, the attackers can hijack the victims' Facebook sessions and carry out multiple malicious tasks. In addition, the malware automatically changes the login details of infected accounts to prevent victims from regaining control of their Facebook.
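Because the cookie theft described above goes through the Chrome API, an extension can only do it if its manifest requests the `cookies` permission together with host access that covers facebook.com. The following audit script is an added example, not code from the extension or from the original article; it lists installed extensions with that combination, which shows capability rather than proof of malice. The function names, the sample manifests and the directory argument are assumptions made for illustration.

```python
import json
from pathlib import Path

TARGET = "facebook.com"  # site whose cookies the article says were targeted

def pattern_covers(pattern, domain=TARGET):
    """True if a Chrome match pattern grants access to `domain` or a subdomain."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False  # plain API permission such as "storage", or another scheme
    host = rest.split("/", 1)[0].lower()
    if host == "*":
        return True
    wild = host.startswith("*.")
    base = host[2:] if wild else host
    if base == domain or base.endswith("." + domain):
        return True
    return wild and domain.endswith("." + base)  # e.g. *.com

def can_read_cookies(manifest, domain=TARGET):
    """Host patterns that, combined with the "cookies" permission, expose `domain`."""
    perms = []
    for key in ("permissions", "optional_permissions",  # MV2 lists hosts here too
                "host_permissions", "optional_host_permissions"):  # MV3
        perms += [p for p in manifest.get(key, []) if isinstance(p, str)]
    if "cookies" not in perms:  # chrome.cookies is unavailable without it
        return []
    return sorted({p for p in perms if pattern_covers(p, domain)})

def audit(extensions_dir):
    """Map extension ID -> risky host patterns, reading <id>/<version>/manifest.json."""
    findings = {}
    for mf in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        hits = can_read_cookies(manifest) if isinstance(manifest, dict) else []
        if hits:
            findings[mf.parent.parent.name] = hits
    return findings

# Constructed sample manifests, not taken from any real extension.
SAMPLE_BROAD = {"manifest_version": 3, "permissions": ["cookies", "storage"],
                "host_permissions": ["<all_urls>"]}
SAMPLE_NARROW = {"manifest_version": 3, "permissions": ["storage"],
                 "host_permissions": ["https://www.google.com/*"]}
```

Call `audit()` with the `Extensions` folder of a Chrome profile (on Linux this is typically `~/.config/google-chrome/Default/Extensions`) and review each reported ID against what you knowingly installed.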