This should be a warning to all of us to check twice or even thrice before clicking on something on the internet. Even though there are protection strategies and agencies that look for malware, we as users shouldn’t be so careless. However, we mustn’t forget that there are cybercriminals and actor threats that want to hack our accounts for various reasons. Also, there are some fraudulent ChatGPT apps even in Google Play Store that were pushing SpyNote malware into people’s gadgets. The CRIL says that there was an unofficial social media page devoted to ChatGPT that led users to malicious domains that automatically send information to the stealers, especially to Aurora, Lumma, and RedLine. Cyble Research and Intelligence Labs (CRIL) has already detected such cases in which ChatGPT was used to distribute malware. It’s no wonder that threat actors used it to hack accounts. The AI-tools quickly became popular, especially ChatGPT. Other Detected Examples of ChatGPT Misuse Moreover, they were even capable of creating fake admin accounts thanks to the stolen cookies. Using already hacked accounts to hack even more profiles. This was indeed a well-designed hijacking operation. However, these ads were promoted via already hacked Facebook accounts, mostly business Facebook accounts. The second fake ChatGPT browser extension is called ‘’Quick access to ChatGPT extension’’, which was promoted via Facebook ads. The Second Fake ‘’Quick access to Chat GPT extension’’ This fake extension was promoted on the social media platform. However, this fake ChatGPT browser extension wasn’t detected until the second fake ChatGPT browser extension appeared with the same intent - to steal Facebook accounts. Having more than 9000 installations in a short time is quite a huge success for cybercriminals, because it meant that over 9000 hacked Facebook accounts that were used mostly for extremist propaganda. The fake extension sent those cookies to the cybercriminals.The fake extension stole Facebook session cookies.Extension was downloaded from Official store.Person clicked on that malicious sponsored ad.Malicious sponsored search result was somewhere at the top of the search result.Malicious sponsored search result infiltrated into Google Search.Here how the hijacking of Facebook accounts happened in short: Those accounts were mostly used to promote extremist propaganda. Once they got Facebook cookies from those people still unaware what’s going on, the cybercriminals took control over their Facebook account, changed passwords and profile name and pictures. After capturing Facebook cookies, it exfiltrated, and then encrypted them before sending them to a remote server. However, this extension had the ability to capture Facebook cookies from all those who installed this fake extension. This fake ChatGPT Chrome Browser Extension was promoted as an add-on which will enhance ChatGPT search engines.
People weren’t suspicious about this extension, and in a short time, there were 9000 installations.
#GIPHY CAPTURE CHROME EXTENSION INSTALL#
In other words, they infiltrated malicious sponsored ads that will lead people to install this fake extension. So, let’s see how threat actors did that.Ĭybercriminals, or better to say threat actors, managed somehow to put ChatGPT Chrome Browser Extension on the official Web Store. This time, they created a fake ChatGPT Chrome Browser Extension and hacked numerous Facebook accounts.
#GIPHY CAPTURE CHROME EXTENSION HOW TO#
It seems that cybercriminals don’t lack ideas on how to hack people’s accounts.
0 kommentar(er)
