Fake ChatGPT for Google extension hijacks Facebook accounts

2023-03-23 14:29

A new Chrome extension promising to augment users' Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found.

In this case, when searching for ChatGPT via Google Search, users are served with a malicious sponsored ad that first redirects them to a fake ChatGPT for Google landing page, and then to the malicious extension on the official Chrome Store.

From fake ChatGPT extension to hijacked Facebook account.

Attack flow from Google Search to compromised Facebook accounts.

The extension abuses the Chrome Extension API to get a list of Facebook-related session cookies.

According to Guardio Labs, the extension has been downloaded over 9000 times before Google removed it from the Chrome Store.

News URL

https://www.helpnetsecurity.com/2023/03/23/chatgpt-hijacked-facebook/

#chatgpt #facebook #google #hijacks

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Google		141	994	4851	2756	1634	10235
Facebook		30	2	44	52	19	117