A fake ChatGPT plugin named “ChatGPT Quick Access” is found to hijack business Facebook accounts. The extension injects malicious code into the Facebook pages of targeted businesses, allowing attackers to gain unauthorized access to accounts and take over their administrative functions. This led to a number of businesses reporting similar incidents of unauthorized access.
Although the name of the extension indicates that it is a legitimate ChatGPT extension, it is important to note that it is a fake extension designed to trick users into downloading it. ChatGPT currently does not have an official extension.
This malicious plugin was initially marketed as a tool to help businesses automate their customer service operations. However, the creators of the plugin added a backdoor that allowed hackers to gain access to business accounts. The injected malware is designed to steal login credentials, which are then used to take over the account.
Once attackers have taken control of the account, they can make unauthorized changes to the business’s Facebook page, post malicious content and even access private messages. This can be very damaging to businesses that rely heavily on Facebook for marketing and customer engagement.
It is important to note that browser plug-ins can pose a significant security risk if they are not properly tested. This is because plugins have access to sensitive data such as browsing history, login credentials and personal information. Malicious plugins can be used to steal this data or inject malicious code into websites.
Additionally, many extensions are poorly coded and contain vulnerabilities that can be exploited by attackers. This can lead to a variety of security issues, including remote code execution, data extraction, and unauthorized access to user accounts.
To minimize the risk of a security breach, users are advised to download add-ons only from recognized sources and to carefully check the permissions requested by each add-on. Users should also regularly review the list of installed plugins and remove any plugins that are no longer needed or have not been updated for a long time.
Furthermore, businesses should have clear policies and procedures for the use of browser extensions, including guidelines on which extensions are allowed and how they should be tested. This can help ensure that all plugins used are secure and pose minimal risk to the organization.
