Google removes fake ChatGPT Chrome extension from Web Store
Google has removed a fake Chrome browser extension called “ChatGPT For Google” from its Web Store after it was discovered to be a phishing tool designed to mimic OpenAI’s ChatGPT service. Since its release on February 14, 2023, the extension has been downloaded over 9,000 times.
The malicious extension was spread via sponsored Google search results, which redirected users to fraudulent pages selling the bogus add-on. Nati Tal, a researcher at Guardio Labs, discovered the phishing campaign, which has targeted thousands of people per day since March 14, 2023.
Once installed, the extension enhanced search engine results with ChatGPT, while also gathering Facebook-related cookies and sending them in encrypted form to a remote server. Hackers used the stolen cookies to manipulate Facebook accounts, changing passwords, profile names, and images, and promoting extremist content.
Another fraudulent ChatGPT Chrome browser extension has been discovered. It, like the previous extension, served as a tool for stealing Facebook accounts and was distributed via sponsored posts on the social media platform.
The malicious “Chat GPT For Google” extension was created from version 1.16.6 of an open-source project that has grown in popularity in recent months. The open-source project’s goal was to contribute to the developer community and share knowledge. Guardio Labs researchers discovered, however, that bad actors could easily manipulate and exploit it for nefarious purposes.
The FakeGPT variant makes use of the OnInstalled handler function to ensure that users see the options screen when attempting to log in to their OpenAI account. However, it steals the users’ session cookies at this point. The malicious extension was distributed through malicious sponsored Google search results rather than sponsored Facebook posts. Those sponsored results redirected users to bogus landing pages that advertised ChatGPT.
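For defenders, the cookie theft described above depends on permissions an extension must declare in its manifest. The following is an added example, not code from this article, Guardio Labs or the extension itself: a Node.js check that flags manifests combining the `cookies` permission with host access covering a watched site. The watched host list and both sample manifests are constructed for illustration.

```javascript
// Added example: flag extension manifests able to read cookies for a watched site.
const WATCHED_HOSTS = ["www.facebook.com"]; // assumption: sessions we want to protect

// Does a Chrome match pattern (e.g. "https://*.facebook.com/*") cover `host`?
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  if (!m || !["*", "http", "https"].includes(m[1])) return false;
  const patHost = m[2];
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    // "*.example.com" covers example.com and its subdomains, not "notexample.com"
    return host === base || host.endsWith("." + base);
  }
  return host === patHost;
}

function auditManifest(manifest) {
  const perms = [...(manifest.permissions || []), ...(manifest.optional_permissions || [])];
  // Manifest V3 lists hosts in host_permissions; V2 mixes them into permissions.
  const hostPatterns = [
    ...perms,
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
  ].filter((p) => p === "<all_urls>" || p.includes("://"));
  const cookieApi = perms.includes("cookies"); // required for chrome.cookies
  const exposedHosts = WATCHED_HOSTS.filter((h) =>
    hostPatterns.some((p) => patternCoversHost(p, h)));
  // A background context is where an install-time handler would run.
  const bg = manifest.background || {};
  const hasBackground = Boolean(bg.service_worker || bg.page || (bg.scripts || []).length);
  return { cookieApi, exposedHosts, hasBackground, risky: cookieApi && exposedHosts.length > 0 };
}

// Constructed sample: a search add-on with no cookie access.
const searchHelper = {
  manifest_version: 3, name: "sample-search-helper", permissions: ["storage"],
  host_permissions: ["https://www.google.com/*", "https://chat.openai.com/*"],
  background: { service_worker: "background.js" },
};
// Constructed sample: same add-on, plus cookie access to an unrelated site.
const cookieReader = {
  ...searchHelper, name: "sample-cookie-reader", permissions: ["storage", "cookies"],
  host_permissions: ["https://www.google.com/*", "https://*.facebook.com/*"],
};

for (const m of [searchHelper, cookieReader]) console.log(m.name, auditManifest(m));
```

A search add-on has no functional need for cookie access to a social media site, so a `risky` result on such an extension is a reason to review or remove it.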
The sources for this piece include an article in TheHackerNews.