When the extension is installed, malicious malware steals Facebook session cookies using the OnInstalled handler function. The malicious add-on does make an effort to harvest Facebook session cookies, though. The real extension’s code is still present after the victim installs the extension, so they receive the advertised functionality (ChatGPT integration on search results). When visiting a phony “ ChatGPT for Google” landing page, users can access the extension’s page on the legitimate Chrome add-on store by clicking on the sponsored search results. Mert SARICA MaMalicious Malware Steals Facebook Session Cookies "A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts." While looking for “Chat GPT 4,” Google Search results prominently display adverts that promote the malicious plugin.įacebook accounts hijacked by new malicious ChatGPT Chrome extension The operators kept it on the Chrome Web Store as a fallback in case the original extension was reported and taken down. A similar Chrome add-on that collected 4,000 installations before Google deleted it from the Chrome Web Store earlier this month is connecting with the same infrastructure, according to the researcher who identified it, Nati Tal of Guardio Labs.Īs a result, this new edition is seen as being a part of the same campaign. Since then, it has seen 1,000 installations on average per day. The extension’s creator published it to the Chrome Web Store on February 14, 2023, but began utilizing Google Search adverts to advertise it on March 14, 2023. The malicious version, however, also contains extra code that tries to collect Facebook session cookies. The extension is a clone of the genuine “ ChatGPT for Google” Chrome add-on, which integrates ChatGPT with search results. Around 9,000 people have downloaded a trojanized version of the genuine ChatGPT plugin for Chrome from the Chrome Web Store, hijacking Facebook accounts in the process.
0 kommentar(er)
