The ChatGPT fever has driven many companies to integrate the popular AI into their services and applications. This has opened the door to hackers trying to trick users posing as the popular chatbot to steal their information. An example of this is «Quick access to Chat GPT», a Chrome extension that promises an access to the artificial intelligence of OpenAI while accessing your Facebook account.
In accordance with The Hacker Newsthe Chrome extension can hijack your access to Facebook and create unauthorized administrator accounts. With them, drives paid ads on the social network to promote your installation, which will be charged to the user’s account. While it allows access to the chatbot via a connection to the ChatGPT API, the affected person does not know that the plugin collects all their informationincluding cookies from active sessions to any service.
According to Nati Tal, director of Guardio, “Quick access to Chat GPT” is installed as a Chrome plugin that triggers a shortcut to the chatbot via a pop-up window. The goal is to keep the user busy with ChatGPTwhile enabling background data collection.
According to Tal, the attacker can access all browser cookies, including tokens of security and session for Google, Twitter, YouTube, etc. Added to that, the extension’s second mission is to obtain your information from Facebook through calls to the Graph API. In this way, the hacker will discover if you have a commercial page or an active ad campaign.
Hackers seek to steal your Facebook data by posing as ChatGPT
The researchers discovered that the fake extension integrates a module that connects to malicious Facebook applications, which will activate the necessary permissions to take control of the account. Once achieved, the attacker will run ad campaigns on the social network to promote the extension. Just like a worm, the Chrome plugin will search for infect other computers with the promise of accessing ChatGPT from the browser.
Guardio discovered the bogus extension thanks to an effort to hunt down applications that use the name “ChatGPT” to deceive users. After conducting the investigation and notifying Google about the danger, the technology removed it from the Chrome Web Store. The problem is that it took six days to do it, so more than four thousand people infected their browser exposing their personal information.
The recommendation in these cases is not to completely trust any advertising, especially when it comes to Facebook. One of the big problems with this social network is the amount of junk ads it allows. Attackers take advantage of people’s ingenuity to steal their personal information with promises of access to discounts, or in this case, the trending app.
He malware in browser extensions it’s a problem that dates back to the early days of the Chrome Web Store. Just like we see in Android apps, plugins use trade names (such as AdBlock or uBlock) to confuse the user. Upon settling in, they will have full access to the content of any page that is loaded.
If you want to use ChatGPT, you can do it through the official website or through Bing. In the latter it is necessary to use your Microsoft account and sign up for the testing phase, since access is limited.