A malicious Chrome browser extension branded as ChatGPT has been discovered to hijack Facebook accounts and create rogue admin accounts. This highlights one of the different methods cyber criminals are using to distribute malware.
Guardio Labs researcher Nati Tal warns that by hijacking high-profile Facebook business accounts, the threat actor creates an army of Facebook bots and a malicious paid media apparatus.
The extension, named “Quick access to Chat GPT,” has been pulled by Google from the Chrome Web Store as of March 9, 2023, after attracting 2,000 installations per day since March 3, 2023.
The browser add-on is promoted through Facebook-sponsored posts and surreptitiously harvests cookies and Facebook account data through the use of two bogus Facebook applications – portal and msg_kig – to maintain backdoor access and obtain full control of the target profiles.
The hijacked Facebook business accounts are then used to advertise the malware, propagating the scheme further and expanding the collection of compromised accounts.
This development follows a social engineering campaign that relied on an unofficial ChatGPT social media page to direct users to malicious domains that download information stealers, and fraudulent ChatGPT apps distributed via the Google Play Store and other third-party Android app stores pushing SpyNote malware onto people’s devices.