Fake ChatGPT browser extension is hijacking Facebook accounts — how to keep yours safe
The dangerous extension promises access to the chatbot but all it does is steal your data
ChatGPT's ever-increasing popularity means more and more people want to try out the innovative chatbot. Which, in turn, makes them attractive target for cybercriminals.
While fake ChatGPT apps were recently used to spread malware and steal passwords, this time around, hackers are using a browser extension called “Quick access to Chat GPT” as a lure to dupe unsuspecting users, according to a new blog post from the online privacy firm Guardio.
Unlike those fake ChatGPT apps though, the extension, which has since been removed from the Chrome Web Store, does actually give users access to the chatbot. However, in doing so the extension also steals all of the cookies stored in your browser, including security and session tokens for services like YouTube, Twitter and even your Google account.
With this information in hand, the hackers behind the extension can steal your passwords and access your online accounts, though Facebook accounts is what the extension is really after.
Targeting high-profile Facebook business accounts
As CyberNews reports, the hackers behind the extension are paying close attention to users that have high-profile Facebook business accounts. This makes sense as attackers often go after both Facebook business and LinkedIn accounts due to how valuable they can be.
Besides having their Facebook hacked, users that download the extension will have their accounts on the social network hijacked by bots who use it to spread “Quick access to Chat GPT” even further.
To make matters worse, the hackers behind this campaign have even found a way to bypass Facebook’s security by renaming requests to its servers made through Meta’s Graph API. This allows them to manage a victim’s “connected WhatsApp and Instagram accounts” according to Guardio’s security researchers.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Since so much of our work and daily lives now takes place within a web browser, you need to be extremely careful when downloading and installing new browser extensions. Just like with malicious apps, bad extensions do manage to slip through the cracks from time to time. This is why you should always look at an extension’s rating and reviews on the Chrome Web Store before downloading it. However, you should also look for external reviews on other sites or even video reviews that show an extension in action before you click “Add to Chrome”.
How to safely and securely access ChatGPT
Hackers are well aware of the latest trends as they use them to create new phishing campaigns and other cyberattacks. Normally, they try to instill a sense of urgency to get you to click or download something but in this case, ChatGPT has done their work for them.
If you do want to get ahead of the line and get early access to ChatGPT, the only way to do so is by signing up for ChatGPT Plus for $20 a month or by meeting all of the requirements to get early access to Microsoft’s Bing with ChatGPT.
As for browser extensions for ChatGPT, there isn’t an official one yet. In fact, you can currently only access OpenAI’s chatbot online at “chat.openai.com”. This may change in the future but when it does, there will be plenty of announcements and news articles about a new way to access ChatGPT.
If you’re the kind of person who just can’t wait and is looking for quick ways to access ChatGPT, you probably want to make sure that the best antivirus software is installed on your PC or the best Mac antivirus software on your Apple computer. This way, if you come across a scam like the one detailed above, you’ll be safe from malware and other viruses.
Until ChatGPT can be accessed by anyone without having to join a waitlist or wait in a queue, hackers will likely continue to come up with new ways to use the popular chatbot as a lure.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.