Hackers have used the ChatGPT brand to take over Facebook accounts


Users were offered a fake Chrome extension that was a pathway for malicious content

When the artificial intelligence (AI) platform ChatGPT burst into public consciousness early in the year, cybersecurity experts warned it wouldn’t be long before the bad guys made use of it. They were right.

In a recent post, Nati Tal, head of Guardio Labs, warns that hackers have hidden fake ChatGPT functionality inside a Chrome browser extension. Hackers entice Facebook users to load the extension using ads on the platform.

Once the extension has been loaded, it lets hackers hijack Facebook accounts and gain nearly complete control over them, including “super-admin permissions.”

Tal says his company's research found that the fake extension is being used to target well-known Facebook business accounts. Once in control, the hackers can create Facebook bots and other malicious items.

In his post, Tal said his team has uncovered “endless” campaigns abusing the ChatGPT brand, distributing malware and phishing for credit cards.

“On 3/3/2023, our team detected a new variant of a malicious fake ChatGPT browser extension, part of a campaign started in early February with several other ChatGPT branded malicious extensions,” Tal wrote. “This time upgraded with a threatening technique to take over your Facebook accounts as well as a sophisticated worm-like approach for propagation.”

Guardio researchers found the "Quick access to Chat GPT" extension was downloaded as many as 2,000 times per day since March 3. The company says it was pulled by Google from the Chrome Web Store on March 9.

'Quick access to ChatGPT'

The fake extension, identified as “Quick access to ChatGPT,” was offered as a quick way to get started with ChatGPT directly from your browser. Guardio says the extension does, in fact, provide that. However, it also “harvests” as much data as it can from your browser. It steals “cookies of authorized active sessions to any service you have, and also employs tailored tactics to take over your Facebook account.”

The takeaway, says Tal, is that web users must be even more careful than in the past. Hackers have managed to stay one step ahead of major players like Google, so individuals have to take precautions to protect themselves.

“These activities are, probably, here to stay,” Tal concludes. “Thus we must be more vigilant even on our day-to-day casual browsing — don’t click on the first search result, and always make sure you won’t click on sponsored links and posts unless you are pretty sure who is behind them!”
