HQ/EMEAFind out how we can help your business
Several fake ChatGPT Chrome extensions, like FakeGPT, have slowly been appearing in the wild. A new malicious strain could now target Facebook users and hijack their accounts. Researchers explained that the variant is an open-source material containing malicious code and targets thousands of individuals daily.
The newest fake ChatGPT variant has been available in the market since the early days of this month.
According to an investigation, the malicious developers named the new ChatGPT strain “Chat GPT for Google.” This new strain spread earlier this month through the Google search results for ChatGPT 4.
Researchers claimed the new version could steal Facebook session cookies and infect accounts upon infecting a target. Subsequently, the attackers receive the cookies via a GET request.
The campaign sends the cookie list as an AES-encrypted file within the X-Cached-KEY HTTP header value. This strategy allows the drive to ensure the cookies are clear with a deep packet inspection mechanism that could raise alarms.
Unfortunately, more than 9,000 users had already downloaded the FakeGPT extension when the Google Play Store removed it from public access.
An analyst noted that the new FakeGPT variant is from a genuine code and could perform one exclusive malicious operation. The operation starts by filtering Facebook-related cookies, encrypting the data with AES, and exfiltrating the encrypted data to an attacker-controlled server.
This operation could heavily impact users that fell victim to these attacks since the actors could use the profile for other malicious purposes. An example of a malicious act is that the attackers could use the infected profiles as a bot that promotes services and generates pages and ad accounts. The threat actors could also change the profile name and picture and collect private data.
The sudden rise of ChatGPT has been the perfect target for malicious actors to execute their attacks.
Therefore, users should be aware of the current trends and analyse the desired internet products before downloading. Users should also adopt security protection and detection services to thwart these attempts from threat actors.
