Fake ChatGPT plugin that's stealing your Facebook login 2023

According to Guardio Labs researcher Nati Tal, the extension was propagated through malicious sponsored Google search results that were designed to redirect unsuspecting users searching for "Chat GPT-4" to fraudulent landing pages that point to the fake add-on.

Hackers have created a Chrome-based browser plugin that claims to give quicker access to ChatGPT without having to go through the OpenAI website. The plugin is convincing because it does allow you to converse with ChatGPT. However, while you are doing this, the malware within the plugin is harvesting data from your browser, stealing cookies of authorized, active sessions to any service you have, and employing tailored tactics to take over your Facebook account.

The hackers are using this plugin specifically to target the Facebook profiles of high-end businesses, hoping to get as much information as they can. They do this by using the hijacked profiles to spread more malware, launch bot accounts and post sponsored content using the account’s advertising credits.

However, don't think you couldn't be a target too. By hacking into your Facebook account, criminals could access personal information to impersonate or steal your identity. It could also result in financial loss if you have linked your credit card or other financial information to your Facebook account. The hacker could use this information to make unauthorized purchases or transactions. Even worse, the attacker could use your stolen Facebook login to send phishing emails or messages to your friends and family, convincing them to provide personal information or money.

The "ChatGPT For Google" extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal. It was originally uploaded to the Chrome Web Store on February 14, 2023.


The main thing to remember is that the real ChatGPT tool can only be accessed by going to the OpenAI website. If you happen to see any ads, Facebook pages, plugins or other websites claiming to be a faster and more efficient way to let you use the AI tool, it is likely a scam.

The best way to keep malware off your devices is to have antivirus protection installed on all of them. This can also alert you to phishing emails or ransomware scams.

Targeting Facebook accounts

The malicious extension is promoted via advertisements in Google Search results, which are prominently featured when searching for "Chat GPT 4."

Clicking on the sponsored search results takes users to a fake "ChatGPT for Google" landing page, and from there, to the extension's page on Chrome's official add-on store.

After the victim installs the extension, they get the promised functionality (ChatGPT integration on search results) since the legitimate extension's code is still present. However, the malicious add-on also attempts to steal session cookies for Facebook accounts.

Upon the extension's installation, malicious code uses the OnInstalled handler function to steal Facebook session cookies.

These stolen cookies allow the threat actors to log in to a Facebook account as the user and gain full access to their profiles, including any business advertising features.

The malware abuses the Chrome Extension API to acquire a list of Facebook-related cookies and encrypts them using an AES key. It then exfiltrates the stolen data via a GET request to the attacker's server.

"The cookies list is encrypted with AES and attached to the X-Cached-Key HTTP header value," explains the Guardio Labs report.

"This technique is used here to try and sneak the cookies out without any DPI (Deep Packet Inspection) mechanisms raising alerts on the packet payload."

The threat actors then decrypt the stolen cookies to hijack their victims' Facebook sessions for malvertising campaigns or to promote banned material like ISIS propaganda.
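A defender-side check for the header-based exfiltration described above, added here as an example and not taken from the Guardio Labs report or the extension's code. It assumes request headers are visible to you (for example from a TLS-inspecting proxy log) as simple records; the record layout, the allowlist, the thresholds and the sample hosts and header names other than X-Cached-Key are all assumptions made for illustration.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Header the Guardio Labs report (quoted above) says carried the encrypted cookies.
REPORTED_HEADERS = {"x-cached-key"}
# Headers expected to hold long opaque values (assumed allowlist; tune per environment).
EXPECTED_OPAQUE = {"cookie", "authorization", "proxy-authorization", "if-none-match"}
# Base64, base64url and hex alphabets: the usual encodings for ciphertext in a header.
ENCODED_BLOB = re.compile(r"[A-Za-z0-9+/=_-]+")


def shannon_entropy(text):
    """Bits per character; hex ciphertext nears 4.0, base64 ciphertext nears 6.0."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def suspicious_headers(request, min_len=128, min_entropy=3.5):
    """Return (header, reason) pairs for one request record from a proxy log."""
    findings = []
    for name, value in request["headers"].items():
        key = name.lower()
        if key in REPORTED_HEADERS:
            findings.append((name, "header named in the report"))
        elif key in EXPECTED_OPAQUE:
            continue
        elif (len(value) >= min_len and ENCODED_BLOB.fullmatch(value)
              and shannon_entropy(value) >= min_entropy):
            # Payload-only inspection never sees this: the data rides in a header.
            findings.append((name, "long high-entropy encoded value"))
    return findings


# Constructed sample data: a deterministic stand-in for ciphertext, not real traffic.
BLOB = base64.b64encode(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(6))).decode()
SAMPLE_REQUESTS = [
    {"method": "GET", "host": "news.example", "headers": {
        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64)", "Cookie": "sid=" + BLOB}},
    {"method": "GET", "host": "cdn.example", "headers": {"X-Cached-Key": BLOB}},
    {"method": "GET", "host": "api.example", "headers": {"X-Request-Meta": BLOB}},
    {"method": "GET", "host": "pad.example", "headers": {"X-Padding": "a" * 200}},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req["host"], suspicious_headers(req))
```

The name match catches only this campaign's header, while the length-and-entropy rule is the part that still fires if the header is renamed.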

Happy Learning ❤ 
