A second damaging ChatGPT extension for Google Chrome has been uncovered, permitting cybercriminals to infiltrate users’ Facebook accounts by acquiring cookies. The extension was found by Guardio Labs and was downloaded over 9,000 times before being removed from the Chrome store. It was advertised through Google-sponsored search results targeting individuals interested in OpenAI’s Chat GPT4 algorithm. The malware takes advantage of the Chrome Extension API to seize session cookies, giving hackers full access to the victims’ Facebook accounts.
This discovery follows the identification of another harmful extension earlier this month, which targeted Facebook Business accounts and affected thousands of users daily. The previous malicious extension was downloaded by a minimum of 2,000 individuals per day from the Google Play app store between March 3 and March 9. When the extension gained access to a Facebook Business account, it immediately collected all relevant data, including ongoing promotions, available credit, currency, minimum billing threshold, and any linked credit facilities.
Malicious Chrome Extensions – The issue with malicious Chrome Extensions has become a growing threat in recent years, as cybercriminals increasingly exploit this popular browser platform to target unsuspecting users. By designing extensions that appear legitimate and useful, attackers can easily trick users into installing these malicious tools, which can then access sensitive information, hijack accounts, or even control users’ online activities. The discovery of harmful ChatGPT extensions is just one example of this alarming trend. As a result, both users and developers must remain vigilant and exercise caution when installing and using browser extensions.