ChatGPT became a worldwide phenomenon in recent months. GPT-4 update created even more hype around it, bringing it on top of numerous newsletters. Such an opportunity could not be ignored by cybercriminals – and they stepped in with a malicious browser plugin that parasites on ChatGPT image. Reportedly, that plugin hijacks Facebook accounts of anyone who installs it.
Fake ChatGPT Plugin Spreads via Chrome Web Store
Chrome Web Store serves as a default place to get add-ons to your browser. This, however, creates a menace of flooding this service with malicious or just junky extensions. Filtering them out, as practice shows, is not an easy task. In some cases, malicious plugins manage to score 100,000+ downloads before being wiped from a store. Still, most of them are not immediately dangerous, as their functionality resembles adware or browser hijackers.
Fake ChatGPT plugin used the worst breaches present in Web Store, as well as in Google Ads. To promote the plugin, crooks who stand behind it purchased the sponsored advertising in Google Search results. It all ended up with victims seeing a link to install a malicious ChatGPT plugin on top of a search query. Being published in the Store on February 14, 2023, it started to bloom only a month later, after the mentioned advertising appeared. By March 22, Google managed to remove the plugin from the Web Store and toggle the advertisements down. However, over 2 million people already managed to install that malware – so it is a clue for understanding the scale of possible problems.
Malicious ChatGPT add-on hijacks Facebook accounts
Key thing that made this plugin so bad is the fact that it was aiming to hijack Facebook accounts. Even though it proceeds with giving your what it promised, the crime happens right after the plugin installation. That was done via collecting the cookies, which browser plugins have access to if the user gives corresponding permission. The exact plugin was offering “quick access to GPT chat”, thus it is not clear whether it may need user cookies. Still, that barely bothers people who want to get ChatGPT access in one click.
Cookies in web browsers act as a form of temporary info storage, which is needed for websites to remember the user’s choices, nickname, and other trivia details. Some websites store session tokens within cookies – and Facebook is among them. The risk here is that a third party can relatively easily parse these cookies and retrieve the session token. This, in turn, gives them full access to your account – and they will likely use it immediately. That is dictated by a usual session tokens expiration time – less than 24 hours. Seeing that your account sent numerous spam messages to your friends and posted scam offers or even extremist propaganda is at least embarrassing.
How to avoid malicious browser plugins?
It may be difficult to distinguish fraud at a glance, especially when Google promotes it to you. First and foremost, keep track of official announcements. If an organisation or company never claims to know about browser plugins or any other add-on, it will be a bad idea to trust the one you find online. Even seeing a huge number of downloads does not mean it is safe and legit – at least because the counter may be artificially boosted.
Controlling the permissions you give to add-ons is another possible remedy. Yet it also does not guarantee that the plugin will not misuse that privilege. For that reason, the best option is to use anti-malware software. A program that will detect malicious software by its behavior, regardless of its form, is an essential thing these days. Try out GridinSoft Anti-Malware – it works perfectly in protection against unusual threats, including browser plugins.
