The ChatGPT fever has prompted many companies to integrate the popular AI into their services and applications. This opened the door to hackers are trying to trick users impersonating a popular chatbot to steal their information. An example of this is “GPT Chat Quick Access” Chrome extension that promises access to OpenAI artificial intelligence when accessing your Facebook account.
In accordance with Hacker NewsChrome extension can hijack your Facebook access and create unauthorized administrator accounts. With them, Runs paid social media ads to promote your install, which will be withdrawn from the user’s account. Although it allows you to access the chatbot through a connection to the ChatGPT API, the affected person is unaware that the plugin collects all of their informationincluding cookies from active sessions of any service.
According to Nati Tal, director of Guardio, “GPT Chat Quick Access” installs as a Chrome plugin that launches a shortcut to the chatbot via a pop-up window. The goal is to keep the user busy with ChatGPT.when background data collection is enabled.
According to Tal, an attacker can access all browser cookies, including tokens security and a session for Google, Twitter, YouTube, etc. On top of that, the extension’s second job is to get your information from Facebook via Graph API calls. In this way, the hacker will detect if you have a commercial page or an active advertising campaign.
Hackers are trying to steal your Facebook data by impersonating ChatGPT
The researchers found that the fake extension integrates a module that connects to malicious Facebook applications and activates the necessary permissions to manage the account. Once reached, the attacker will run advertising campaigns on the social network to promote the extension. Like a worm, the Chrome plugin will look for infect other computers with the promise of access to ChatGPT from a browser.
Guardio discovered the fake extension in an attempt to track down applications using the “ChatGPT” name to deceive users. After investigating and notifying Google of the danger, the technology removed it from the Chrome Web Store. The problem is that it took six days, so more than four thousand people infected their browser by exposing their personal information.
In these cases, it is recommended not to fully trust any advertisement, especially when it comes to Facebook. One of the big problems with this social network is the amount of unwanted ads it allows. Attackers take advantage of people’s ingenuity to steal their personal information by promising access to discounts or, in this case, a popular app.
He malware in browser extensions this is an issue that dates back to the early days of the Chrome Web Store. As with Android apps, plugins use trade names (such as AdBlock or uBlock) to confuse the user. Settling down they will have full access to the contents of any loaded page.
If you want to use ChatGPT, you can do so through the official website or through Bing. In the latter, you need to use your Microsoft account and sign up for the testing phase, since access is limited.
Source: Hiper Textual
I am Garth Carter and I work at Gadget Onus. I have specialized in writing for the Hot News section, focusing on topics that are trending and highly relevant to readers. My passion is to present news stories accurately, in an engaging manner that captures the attention of my audience.
