Cybersecurity company ESET has identified a malicious campaign that uses a fake extension of ChatGPT for Google Chrome.
The perpetrators of this criminal action create fraudulent websites that impersonate OpenAI's Artificial Intelligence (AI). Thus, they lure people to download a tool supposedly related to marketing and advertising purposes.
see more
iPhones that didn't succeed: 5 launches rejected by the public!
Google Messaging: The future of cross-platform chat could be…
When installing the alleged extension, the user inadvertently takes with him a malicious file that aims to steal cookies from Facebook.
This cyber attack facilitates undue access to profiles on Meta's social network, putting the privacy and security of victims of the scam at risk.
The discovery was made by ESET last month, and ever since then, it's important for users to stay Be on the lookout for suspicious extensions that may impersonate ChatGPT or other popular security tools. AI.
In the malicious campaign, cybercriminals take an ingenious approach to steal the cookies stored in Google Chrome, with special focus on those from Facebook.
By inducing the victim to download an alleged ChatGPT extension, attackers are able to use the official ChatGPT page as a distraction during the infiltration process.
While the person is busy on the official page, the malwarecomes into action and executes several commands, allowing access to cookies present in the browser.
Such cookies are responsible for containing authentication information. This makes it possible for the user's session to remain open and avoids the need to repeatedly log in to the Facebook account.
(Image: Disclosure)
By obtaining these cookies, cybercriminals gain unauthorized access to the victim's account, thus being able to perform various actions on the victim's behalf.
This can range from collecting personal information to sharing malicious content on your profile, which poses a serious threat to users' privacy and security.
According to the researchers, the security measures adopted by Facebook to strengthen people's protection, as different forms of authentication and data encryption, can be overcome if cookies are committed. With access to cookies, attackers can bypass security barriers and gain entry into the victim's profile.
Cookies store authentication data that allow the user's session to remain active. This eliminates the need to log in repeatedly.
Therefore, by obtaining these cookies, cybercriminals are able to assume the victim's identity and have free access to their account on Facebook.
To stay safe from this new scam, avoid adding ChatGPT extensions that are, shall we say, dubious in character. Only install tools that are certified and tested by other users.
At Trezeme Digital, we understand the importance of effective communication. We know every word matters, so we strive to deliver content that is relevant, engaging, and personalized to meet your needs.
