According to a report, a bogus plugin for the Chrome browser that was branded with the name ChatGPT could take over Facebook accounts and create rogue admin accounts.
The case demonstrates one of the strategies that fraudsters use to spread malware. On the 9th of March, 2023, Google withdrew the “Quick access to Chat GPT” extension from the Chrome Web Store. As of the 3rd of March, 2023, the extension was reported to be attracting 2,000 new installations every day. The plugin gave the attackers the ability to promote paid Facebook adverts at the expense of its victims, spreading in a worm-like manner.
While the browser add-on did let users connect to the ChatGPT service, its primary purpose was to covertly collect cookies and Facebook account information while masquerading as a legitimate user session. The add-on was marketed through sponsored posts on Facebook.
By hijacking important Facebook business accounts, the threat actor creates an elite army of Facebook bots and destructive paid media.
This was made possible by deploying two fake Facebook applications, known as portal and msg king, to maintain backdoor access and obtain full control over the targeted profiles. The process of adding the applications to Facebook accounts is fully automated.
The malware is then promoted through the infected Facebook business profiles, which spreads the scam further and increases the number of compromised accounts.
Since ChatGPT's release toward the end of the year before last, threat actors have taken advantage of its immense popularity by developing fake versions of OpenAI’s artificial intelligence chatbot and persuading inattentive users to download and install them.
The previous month, Cyble made public a social engineering scheme in which visitors to an unofficial ChatGPT social networking website were directed to malicious URLs from which information stealers such as RedLine, Lumma, and Aurora could be downloaded.