The criminals have created a fake version of the ChatGPT plugin. It worked, but it also stole accounts

The incredibly fast development and huge popularity of ChatuGPT meant that scammers also decided to take advantage of the solution. A fake bot appeared in the browser extension store, the purpose of which was to steal Facebook login details. At first glance, it looked almost identical to a real plug.

Fake plugin pretending to be ChatGPT in the Google Chrome store

The scammers managed to bypass Google security and published their extension in the official app store for Google Chrome some time ago. The fake program was listed under the name Chat GPT for Google and – both with the name of the plugin and the appearance of the page – tried to impersonate the real ChatGPT for Google app (the difference is the extra space in the name of the malicious program) which allows in an extra window View ChatGPT responses to Google searches.

The fake program was not only very similar to the real one, but also advertised in sponsored search results on Google. Users after clicking on the suggested link they were directed to the real extension storewhich lulled their vigilance. No wonder that approximately 9,000 people eventually fell into the trap of fraudsters. users, before Google removed the app from the official store. However, this is not the end, because cybersecurity specialists from Guardio Labs, who discovered the fake plugin, note that used exactly the same open source code as the real version of the application, making the detection of fraud even more difficult. The criminals decided to only add a few lines of code.

Fake ChatGPT was stealing login details

The cheat plugin worked just like the real one (which was another factor lulling users’ vigilance), but by the way stole session cookies, which are used to maintain the session after logging into the account, e.g. on a social networking site. Criminals were able to hijack them and use them to log into Facebook. This is how they succeeded take over the account and change the passwordso that the owner cannot access it. The seized accounts of private individuals were, as the researchers suppose, sold on the black market. For extremely valuable profiles (usually owned by companies with large followings) names were changed and used to spread propaganda or sending dangerous links in promoted posts.

Researchers point out that several other versions of the same scam have already been found in the past, which shows that criminals are not idle and intend to actively exploit the exceptional popularity of ChatuGPT. Therefore, it is worth paying special attention to the applications that we install (including the name, owner of the apk and the number of downloads). As this example shows, a simple browser plug-in is enough for cybercriminals to take over an account, e.g. on a social networking site.