Fake ChatGPT extension for Chrome targets Facebook accounts: Report

A malicious version of the ChatGPT extension for Chrome based on an open-source product was found stealing Facebook account details 

March 23, 2023 01:13 pm | Updated 02:37 pm IST

A fake ChaptGPT Chrome extension was found to be targeting Facebook accounts.

A fake ChaptGPT Chrome extension was found to be targeting Facebook accounts. | Photo Credit: Reuters

A fake ChaptGPT Chrome extension was found to be targeting Facebook accounts. Attackers had copied the legitimate add-on for Chrome named “ChatGPT for Google” that offered integration in search results. The malicious version has an additional code to steal Facebook session cookies, according to a report by cybersecurity firm Guardio.

Threat actors just forked and edited a well-known open-source project to target users, and the campaign was already hitting thousands a day, the report said.

The campaign was aimed at hijacking Facebook accounts turning them into “Lily Collins” clones and bots to be then used to promote malicious activities, even sharing ISIS propaganda.

The malicious campaign was found to be pushed using sponsored Google search results rather than sponsored Facebook posts, the report said.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

Based on the open-source project, the fake ChatGPT extension was found to do only one specific malicious action right after installation leaving the rest of the genuine code untouched to avoid suspicion.

The misuse of ChatGPT’s brand gained popularity after OpenAI granted access to developers to integrate ChatGPT API into their apps and products.

Extensions for Chrome and other major services from Facebook, Google, and other companies are facing continuous attacks and abuse while users continue to be hit the most, the report said.

OpenAI released the ChatGPT and Whisper models through API for developers in March of this year.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.