The fake extension uses the Chrome Extensions API to steal active cookies for Facebook accounts and send their data to attackers’ servers. With this data, hackers can gain access to Facebook accounts, change account information, and turn victim profiles into fake profiles that are used to spread malicious ads and extremist propaganda.
The company said the attackers took advantage of the huge popularity of the chatbot to lure their victims. The attackers worked to spread the malicious add-on through advertisements that appeared to those who searched for “ChatGPT 4”, inviting them to try its latest version.
According to the company, the malicious extension has been downloaded more than 9,000 times since it appeared on February 14. She stated that what makes the plugin certain is that it works correctly. The attackers developed a malicious add-on based on the source code of a similar legitimate add-on available in open source.
The company added that the extension was still available on the Chrome Web Store from February 14 to March 22, when Google removed the extension from its store immediately after it was discovered.
