Chat Generative Pre-trained Transformer (ChatGPT) is now available on the official Google Chrome store as a browser extension, giving you easy access to this sophisticated chatbot. How exciting does that sound? Read the full story here.
Twenty-thousand downloads and thousands of Business Facebook accounts compromised, all from one “legitimate fake” extension
That’s right, a fake ChatGPT-based extension that was available for download from the official Google store gave legitimate easy access to ChatGPT but at the same time gave backdoor access to malware for gaining authorization over thousands of Facebook Business accounts.
What can this ChatGPT extension do to your browsers?
Extensions are risky for browsers because of their ability to steal user credentials, browsing data, cookies, and so on. This fake ChatGPT extension is the perfect example of a malicious extension that can easily bypass your browsers to harvest personal data. This “legitimate fake” browser extension is designed to harvest data from Facebook Business accounts. This extension has also stolen browser cookies, including session tokens from Google, Twitter, YouTube, and other active services.
How does the attack take place?
-
Multiple users wanting to easily access ChatGPT from any website installed an extension from the official Google Chrome store without knowing it was a malicious extension.
-
On installing the extension, browser metadata and cookies are compromised. The users, unaware of the compromise, continue to utilize this extension with their Facebook Business account active in the background.
-
The extension accesses Meta’s Graph API to seize data from the Facebook Business accounts. Meta’s Graph API requires a request from an authenticated user and also a trusted origin to access Facebook. To bypass this situation, cybercriminals included a malicious code in the extension that modifies headers in all the requests sent to Facebook from the user’s browser.
-
It is difficult to obtain full admin control in a user’s account without harvesting their credentials. This is why cybercriminals registered the extension as an app in the user’s account to gain full admin access.
-
Cybercriminals identified Facebook Business accounts and collected all confidential data associated with the accounts, including currently active promotions, credit balances, currencies, minimum billing thresholds, and bank details of the businesses.
What’s next?
Once the data is collected, the extension sends it to the command-and-control server according to its relevancy and data type. Cybercriminals might sell this data or even use these compromised Facebook accounts to post malicious advertisements. These compromised accounts can then be used as bots to compromise more accounts, leading to a bot army.
Not the first time!
This isn’t the first time that we’ve heard news regarding malicious browser extensions. Fake and malicious extensions have been making the rounds for a long time now. Earlier in 2022, millions of users were attacked by malware that was hidden in the form of extensions. With thousands of Facebook Business accounts compromised, these type of extensions can eventually steal other credentials and segue into a major cyberattack.
Is there a way out?
Definitely yes! You can stay a step ahead of these malicious extensions with the help of ManageEngine Browser Security Plus.
Here is how you can ensure a safe browsing experience from malicious extensions:
-
Security insights are crucial in managing a network. Gain holistic insights about the extensions installed in your browsers.
-
Swiftly discover potentially harmful extensions and remove them from your browsers at once.
-
Allow enterprise-approved extensions and block all other unwanted extensions.
To learn more about seamlessly managing extensions in your network, visit here!
With Browser Security Plus, you can make your browsers a safe space in your enterprise network. It has a plethora of security features that can help you easily secure and manage multiple browsers across your network. Enjoy a 30-day, free trial and eliminate browser threats.