A malicious browser extension, capitalizing on the immense popularity of ChatGPT, has managed to steal thousands of Facebook accounts. Unsuspecting users provided their personal information without even realizing it, all in an attempt to gain easier access to ChatGPT’s conversational interface.
Guardio, a cybersecurity firm, exposed the scam involving the “Quick access to ChatGPT” Google Chrome extension, which was available for download directly from the Chrome Web Store. While the extension did bring ChatGPT closer to users by utilizing its API, it also stole a significant amount of data from victims’ browsers, particularly focusing on their Facebook profiles.
The exact purpose of the acquired login information remains unclear, but it is highly likely that the fraudsters simply sold the stolen data to the highest bidder. The malicious software specifically targeted business profiles, from which it launched additional advertisements to reach more potential victims. The “Quick access to ChatGPT” extension appeared on the Chrome Web Store on March 3rd and remained there until March 9th. During this time, approximately 2,000 people downloaded it daily.