
Fake ChatGPT-branded Chrome Browser Extension Hijacks Facebook Accounts

A new browser extension called "Quick access to Chat GPT" has been found to be capable of hijacking Facebook accounts and creating rogue admin accounts. The case illustrates one of the methods that cyber criminals are using to distribute malware.

"By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio Labs researcher Nati Tal said in a technical report. "This allows it to push Facebook paid ads at the expense of its victims in a self-propagating worm-like manner."

The browser add-on is promoted through Facebook-sponsored posts, and while it offers the ability to connect to the ChatGPT service, it's also engineered to surreptitiously harvest cookies and Facebook account data using an already active, authenticated session. This is achieved by making use of two bogus Facebook applications – portal and msg_kig – to maintain backdoor access and obtain full control of the target profiles. The process of adding the apps to the Facebook accounts is fully automated.

Since its discovery, the extension has been pulled from the Chrome Web Store. However, it is believed that there are still 2,000 installations of the extension per day. If you have installed this extension, remove it immediately and change your passwords.
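A defender-side check to go with the removal advice above, as an added example that is not from Guardio Labs or the original article: it scans a Chrome profile's `Extensions` folder for the extension name reported here and for any extension that pairs the `cookies` permission with host access covering facebook.com. The function names, the sample folder IDs and the permission heuristic are assumptions of this example; a renamed copy evades the name match, and the heuristic also flags legitimate extensions that need review.

```python
import json
from pathlib import Path

SUSPECT_NAME = "quick access to chat gpt"   # extension name reported on this page

def display_name(manifest, ext_dir):
    """Resolve a localized "__MSG_key__" name via _locales/<default_locale>/messages.json."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        path = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
        try:
            messages = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            return name
        for key, entry in messages.items():          # message keys are case-insensitive
            if key.lower() == name[6:-2].lower():
                return str(entry.get("message", name))
    return name

def audit_extensions(extensions_root):
    """Return (extension_id, name, reasons) for each flagged <id>/<version>/manifest.json."""
    findings = []
    for path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue                                  # unreadable manifest: skip it
        name = display_name(manifest, path.parent)
        perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
        hosts = perms + [h for h in manifest.get("host_permissions", []) if isinstance(h, str)]
        reasons = []
        if " ".join(name.lower().split()) == SUSPECT_NAME:
            reasons.append("name-match")
        if "cookies" in perms and any(h in ("<all_urls>", "*://*/*") or "facebook.com" in h for h in hosts):
            reasons.append("cookie-access-to-facebook")
        if reasons:
            findings.append((path.parts[-3], name, reasons))
    return findings

def build_sample(root):
    """Constructed sample: two fake extension folders (IDs and contents are made up)."""
    def put(rel, obj):
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(json.dumps(obj), encoding="utf-8")
    put("aaaa/1.0_0/manifest.json", {"name": "__MSG_appName__", "default_locale": "en",
        "permissions": ["cookies"], "host_permissions": ["<all_urls>"]})
    put("aaaa/1.0_0/_locales/en/messages.json", {"appName": {"message": "Quick access to Chat GPT"}})
    put("bbbb/1.0_0/manifest.json", {"name": "Tab Sorter", "permissions": ["tabs"]})
```

On a real machine, point `audit_extensions` at the profile's extension directory, for example `~/.config/google-chrome/Default/Extensions` on Linux.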

