A fake ChatGPT extension named “Quick access to ChatGPT” has been found to hijack Facebook business accounts. The extension injects malicious code into the Facebook pages of targeted businesses, allowing attackers to gain unauthorized access to the accounts and take over their management functions. This has led to multiple businesses reporting similar incidents of unauthorized access.
Although the name of the extension suggests it is a legitimate ChatGPT extension, it is important to note that it is a fake extension designed to deceive users into downloading it. ChatGPT currently does not have an official extension.
This malicious extension was initially marketed as a tool to help businesses automate their customer service operations. However, the creators of the extension added a backdoor that allowed hackers to gain access to business accounts. The injected malicious code is designed to steal login credentials, which are then used to take control of the account.
Once attackers have taken control of the account, they can make unauthorized changes to the business’s Facebook page, post malicious content, and even access private messages. This can be highly damaging for businesses that rely heavily on Facebook for marketing and customer engagement.
It is important to note that browser extensions can pose a significant security risk if they are not properly vetted. This is because extensions have access to sensitive data such as browsing history, login credentials, and personal information. Malicious extensions can be used to steal this data or inject malicious code into websites.
In addition, many extensions are poorly coded and contain vulnerabilities that can be exploited by attackers. This can lead to a variety of security issues, including remote code execution, data exfiltration, and unauthorized access to user accounts.
To minimize the risk of a security breach, it is recommended that users only download extensions from reputable sources and carefully review the permissions requested by each extension. Users should also regularly review their list of installed extensions and remove any that are no longer needed or have not been updated in a long time.
Furthermore, businesses should have clear policies and procedures in place for the use of browser extensions, including guidelines for which extensions are allowed and how they should be vetted. This can help to ensure that all extensions used by employees are secure and pose minimal risk to the organization.