Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising
source-www.thehackernews.com

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware.

"By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio Labs researcher Nati Tal said in a technical report.

"This allows it to push Facebook paid ads at the expense of its victims in a self-propagating worm-like manner."

The "Quick access to Chat GPT" extension, which is said to have attracted 2,000 installations per day since March 3, 2023, has since been pulled by Google from the Chrome Web Store as of March 9, 2023.

The browser add-on is promoted through Facebook-sponsored posts, and while it offers the ability to connect to the ChatGPT service, it's also engineered to surreptitiously harvest cookies and Facebook account data using an already active, authenticated session.

This is achieved by making use of two bogus Facebook applications – portal and msg_kig – to maintain backdoor access and obtain full control of the target profiles. The process of adding the apps to the Facebook accounts is fully automated.

The hijacked Facebook business accounts are then used to advertise the malware, thereby propagating the scheme further and effectively expanding the collection of compromised accounts.
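For defenders, the access described above (reading cookies and acting inside an already authenticated Facebook session) shows up in the permissions an extension requests. The following is an added example, not code from the Guardio report or the extension itself: it audits Chrome extension manifests for cookie and host access to a domain, using the standard manifest keys; the sample manifests are constructed, and the `risk` labels are this example's own.

```python
import json
import sys
from pathlib import Path

PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")

def pattern_covers(pattern: str, domain: str) -> bool:
    """True if a Chrome match pattern grants access to `domain` or a subdomain."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # an API name such as "cookies", not a host pattern
    host = pattern.split("://", 1)[1].split("/", 1)[0].lower()
    if host == "*":
        return True
    host = host[2:] if host.startswith("*.") else host
    return host == domain or host.endswith("." + domain)

def audit_manifest(manifest: dict, domain: str = "facebook.com") -> dict:
    """Report how much access an extension manifest requests to `domain`."""
    perms = [p for k in PERMISSION_KEYS for p in manifest.get(k, [])
             if isinstance(p, str)]
    hosts = sorted({p for p in perms if pattern_covers(p, domain)})
    scripts = sorted({m for cs in manifest.get("content_scripts", [])
                      for m in cs.get("matches", []) if pattern_covers(m, domain)})
    if hosts and "cookies" in perms:
        risk = "high"      # can read the domain's session cookies directly
    elif hosts or scripts:
        risk = "review"    # can issue requests or run script inside the session
    else:
        risk = "ok"
    return {"name": manifest.get("name", "?"), "risk": risk,
            "host_access": hosts, "content_scripts": scripts}

# Constructed sample manifests (not taken from any real extension).
SAMPLE_CHAT_HELPER = {"manifest_version": 3, "name": "chat helper (constructed)",
                      "permissions": ["cookies", "storage"],
                      "host_permissions": ["https://*.facebook.com/*"]}
SAMPLE_NOTES = {"manifest_version": 3, "name": "notes (constructed)",
                "permissions": ["storage"],
                "host_permissions": ["https://notes.example/*"]}

if __name__ == "__main__":
    # argv[1]: a Chrome profile's Extensions directory (<id>/<version>/manifest.json)
    for path in sorted(Path(sys.argv[1]).glob("*/*/manifest.json")):
        result = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        if result["risk"] != "ok":
            print(path.parent.parent.name, json.dumps(result))
```

A "high" or "review" result only means the extension could reach the session; many legitimate extensions request broad host access, so flagged entries need a manual look at publisher, install source and install date.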

The development comes as threat actors are capitalizing on the massive popularity of OpenAI's ChatGPT since its release late last year to create fake versions of the artificial intelligence chatbot and trick unsuspecting users into installing them.

Last month, Cyble revealed a social engineering campaign that relied on an unofficial ChatGPT social media page to direct users to malicious domains that download information stealers, such as RedLine, Lumma, and Aurora.

Fraudulent ChatGPT apps distributed via the Google Play Store and other third-party Android app stores have also been spotted pushing SpyNote malware onto people's devices.

CHESTER SWANSON SR.

Next Trend Realty LLC./wwwHar.com/Chester-Swanson/agent_cbswan

1 year

Thanks for Posting.
