Bogus ChatGPT extension steals Facebook cookies
2023-03-23 07:29

Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies - but not before more than 9,000 users installed the account-compromising bot.

The malicious extension - Chat GPT For Google - is very similar in name and code to the real ChatGPT For Google extension.

The phony extension is based on the same open source project used by the actual ChatGPT For Google tool - all the fraudsters had to do was add a few lines of cookie-stealing code.

The end result is an extension that looks and acts just like ChatGPT from a user's perspective, according to Guardio Labs security researchers, who discovered the so-called "FakeGPT."

That one specific malicious action is to filter Facebook-related cookies from the full list acquired via the Chrome Extension API. The forked code also encrypts the cookies list with AES, and smuggles the stolen sweets back to the attacker's command-and-control server hosted on the workers.
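A defender-side check for the access described above, as an added example that is not from the article or from Guardio Labs: it audits parsed extension manifests and reports which ones declare the `cookies` API permission together with a host pattern that covers a given site. The manifests are constructed samples, and the function names (`patternCoversHost`, `auditManifest`, `flagged`) are hypothetical.

```javascript
// Added example (not from the article): which extensions can read cookies for a host?
// chrome.cookies needs the "cookies" permission plus a host pattern covering the site.

// True if a Chrome match pattern such as "https://*.facebook.com/*" covers `host`.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/([^/]+)\/.*$/.exec(pattern);
  if (!m) return false; // an API permission name, or a scheme cookies do not use
  const patHost = m[2].toLowerCase();
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return host === patHost;
}

// Handles Manifest V2 (hosts listed under "permissions") and V3 ("host_permissions").
function auditManifest(manifest, host) {
  const api = [...(manifest.permissions || []), ...(manifest.optional_permissions || [])];
  const hosts = [...api, ...(manifest.host_permissions || []),
                 ...(manifest.optional_host_permissions || [])]
    .filter((p) => typeof p === "string" && patternCoversHost(p, host.toLowerCase()));
  const hasCookiesApi = api.includes("cookies");
  return { name: manifest.name, hasCookiesApi, coveringPatterns: hosts,
           canReadCookies: hasCookiesApi && hosts.length > 0 };
}

// Constructed sample manifests (hypothetical extensions, not real ones).
const SAMPLE_MANIFESTS = [
  { name: "mv3-search-helper", manifest_version: 3,
    permissions: ["storage", "cookies"],
    host_permissions: ["https://*.facebook.com/*", "https://chat.openai.com/*"] },
  { name: "mv3-scoped", manifest_version: 3,
    permissions: ["cookies"], host_permissions: ["https://chat.openai.com/*"] },
  { name: "mv2-broad", manifest_version: 2, permissions: ["cookies", "<all_urls>"] },
  { name: "mv3-no-cookie-api", manifest_version: 3,
    permissions: ["storage"], host_permissions: ["*://*/*"] },
];

// Names of the sample extensions able to read cookies for `host`.
function flagged(host) {
  return SAMPLE_MANIFESTS.map((m) => auditManifest(m, host))
    .filter((r) => r.canReadCookies).map((r) => r.name);
}

console.log(flagged("www.facebook.com"));
```

An extension that only needs to talk to one service has no reason to hold cookie access for unrelated sites, so a hit here on a search or chat helper is worth a manual review of its code.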

That earlier one allowed attackers to hijack business Facebook accounts under the guise of a ChatGPT Chrome extension.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/23/chatgpt_fake_chrome_extension/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Facebook 30 2 44 52 19 117