According to security researchers at Guardio Labs, who discovered the so-called “FakeGPT”, the end result is an extension that looks and behaves exactly like ChatGPT from the user’s perspective.
The malicious extension – Chat GPT For Google (note the wrong spacing in the chatbot’s name) – closely mimics the name and code of the genuine ChatGPT For Google extension. In fact, the bogus extension is based on the same open source project used by the current ChatGPT for Google engine – all the scammers have to do is add a few lines of cookie-stealing code.
Researchers say the cookie thieves are pushing the fake add-on through malicious, sponsored Google search results for “GPT Chat 4,” taking advantage of users wanting to try the latest version of the chatbot.
And since the scam extension is offered in the official Chrome store, users can assume it’s the real thing. Bravo for this management process, Google.
“Based on version 1.16.6 of the open-source project, this variant of FakeGPT only performs a specific malicious action, immediately after installation, and the rest is essentially the same as the genuine code – there is no reason to doubt,” said Nati Tal, head of the Guardio Labs team.
This particular malicious action is to filter Facebook-related cookies from the full list obtained through the Chrome Extensions API. The variant also encrypts the cookie list using AES and smuggles the stolen cookies back to the attacker’s command and control server, hosted on the workers.dev service.
This is notable because it is the same service used by the original FakeGPT variant that Guardio Labs also discovered. That earlier variant allows attackers to hijack a business’s Facebook account under the guise of a ChatGPT Chrome extension.
After stealing the cookies, the bad guys can modify the account login details to lock out the real users and use the hijacked accounts as advertising bots or to spread extremist propaganda. This latest example of cybercriminals jumping on the ChatGPT hype illustrates how “ChatGPT’s brand abuse and popularity continue to grow, not just used to collect Facebook accounts and not just with masquerading malicious extensions for Chrome,” according to Tal.
While some scammers can use AI to develop polymorphic malware, most won’t need to work as hard. All it takes is a trendy new tech tool and tricking someone into clicking a malicious link or downloading a bogus app or extension.
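For defenders reviewing installed extensions, the two traits described above (a name that differs from a known extension only in spacing, and cookie access that reaches Facebook) can be checked from `manifest.json` alone. The following is an added triage sketch, not Guardio Labs' detection logic or code from the extension; the sample manifests, `VETTED_NAMES` and `WATCHED_HOSTS` are constructed assumptions.

```python
import re

# Constructed sample manifests; none is copied from a real extension.
SAMPLES = [
    {"name": "Chat GPT For Google", "permissions": ["storage", "cookies"],
     "host_permissions": ["https://*.openai.com/*", "<all_urls>"]},
    {"name": "ChatGPT For Google", "permissions": ["storage"],
     "host_permissions": ["https://*.openai.com/*"]},
    {"name": "Tab Sorter", "permissions": ["cookies", "https://*.facebook.com/*"]},
]
VETTED_NAMES = ["ChatGPT for Google"]  # assumption: names already reviewed
WATCHED_HOSTS = ["www.facebook.com"]   # assumption: hosts whose sessions matter

def squash(name):
    """Fold case and drop non-alphanumerics so spacing tricks collapse."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def pattern_covers(pattern, host):
    """True if a Chrome match pattern grants access to host."""
    if pattern == "<all_urls>":
        return True
    m = re.match(r"^(\*|https?)://([^/]+)/", pattern)
    if not m:
        return False  # API permission such as "storage", or unsupported scheme
    pat_host = m.group(2)
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return host == pat_host

def audit(manifest):
    """Return findings for one parsed manifest.json (MV2 or MV3)."""
    findings = []
    perms = manifest.get("permissions", [])
    # MV3 lists hosts in host_permissions; MV2 mixes them into permissions.
    patterns = manifest.get("host_permissions", []) + perms
    if "cookies" in perms:
        hit = [h for h in WATCHED_HOSTS
               if any(pattern_covers(p, h) for p in patterns)]
        if hit:
            findings.append("cookie-access:" + ",".join(hit))
    name = manifest.get("name", "")
    for good in VETTED_NAMES:
        # Same letters, different spacing or punctuation: a look-alike.
        if squash(name) == squash(good) and name.lower() != good.lower():
            findings.append("lookalike-name:" + good)
    return findings
```

A finding is a prompt for manual review, not proof of malice: plenty of legitimate extensions request `cookies` with broad host access.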