ChatGPT hacker extension for Chrome stole Facebook user accounts

According to Guardio Labs researcher Nathi Thala, Facebook users have been targeted by a malicious Chrome browser extension. The hackers created a fake extension of the most popular artificial intelligence, but it had nothing to do with ChatGPT except for the name.

«The Chrome extension, which supposedly provides quick access to ChatGPT features, was found to hijack Facebook user accounts and install hidden backdoors,» Tal said. The malicious extension invisibly installs a special application that grants attackers super-administrator permissions.

Why would hackers hijack Facebook accounts? Often, hijacked user pages are used as bots by attackers, publishing paid posts. In his blog post on Medium, Nathi Tal also suggested that after the attackers gain access to user accounts, they «probably sell them to other hackers who offer the highest price.»

It is known that the malicious extension appeared in Chrome on March 3, 2023, and has since been installed by more than 2,000 users. The extension has now been removed from the Chrome Web Store. However, this does not mean that it will not reappear — from other attackers, under a different name, or in other browsers.