A pro-Islamic State (ISIS) outlet on the ISIS-operated Rocket.Chat server shared a link to an article reporting that a web browser extension falsely purporting to be OpenAI's ChatGPT was removed from Google's official Web Store after it was discovered that it was harvesting Facebook-related cookies and seizing control of user accounts, using them to "disseminate extremist propaganda."
According to the article, the fake extension was a "trojanized version" of a real open source ChatGPT browser add-on, and was promoted via sponsored Google search results which directed users to download the malicious extension. Since its upload in March 2023, the malware was installed over 9,000 times.
While the extension allowed users to enhance their search results with ChatGPT, it also captured and exported their Facebook-related cookies to a remote, encrypted server. The user's Facebook account was then seized, and its password, name, and profile photos were changed. A similar fake ChatGPT browser extension was removed from the Google Web Store earlier that month.
Graphic depicting the function of the fraudulent ChatGPT browser extension. Source: Thehackernews.com