Malicious ChatGPT Chrome Extension Steal Facebook Accounts

June 5, 2023

Kaspersky Lab experts have identified a new scam that utilizes a malicious ChatGPT Chrome extension to infiltrate Facebook accounts and turn them into money-making opportunities for criminals. The malware originated from Brazil and was detected using this technique.

The attack works through phishing emails, Facebook Messenger and spam links in email. It has the capacity to collect personal information from victims and inject RedLine data-stealing malware onto their devices.

1. Steal your personal information

There’s an emerging piece of malware circulating on Facebook that hijacks user accounts for malicious advertising. ESET has identified this adware more than 10,000 times, using the social media platform to track web activity, encourage click-throughs on malicious ads or give out personal information.

Malware is designed to trick victims into opening a link sent by one of their Facebook friends, usually featuring an angry emoji, the words “video,” and a shortened URL.

Once clicked, the link redirects victims to a Google document that looks like a playable movie. According to Bleeping Computer, this document redirects users depending on their browser, operating system, and location.

In the process, it steals personal information such as names and phone numbers from your profile and Timeline. The malicious script then uses this account to spam friends with spam emails, post links on your news feed and Timeline, and automatically “like” pages without authorization.

Botezatu noted that malware uses your browser cookies to track your activity on Facebook and serve targeted advertisements. He cautioned that the infection can remain undetected in your browser for some time, making it difficult to detect with standard antivirus programs.

Another variant of the malware, known as ‘OMG video’, has similar mechanics but targets users with links to private videos they may have posted on Facebook profiles. It could be disguised as a popular YouTube video, according to experts.

Jacoby believes the adware can track victims’ keystrokes on their mobile device and send the data to an attacker-controlled server, leading to a rapid spread of the threat. This was how it got out of hand so quickly.

Adware not only slows down your browser, but it can also display targeted advertisements. It is important to note that this threat is spreading throughout the world, so it’s essential to protect yourself.

Thankfully, Hitman Pro is a free tool that can detect and eliminate fake Chrome extensions. All you have to do is download the program, run it on your PC, and wait for it to scan through your entire PC for infected areas. When complete, the report will let you know which parts of your machine have been compromised.

2. Inject malicious code

Fake ChatGPT Chrome Extension Harassing Facebook Accounts for False Advertising

ChatGPT chatbot’s popularity has surged rapidly in recent months due to its artificial intelligence-powered capabilities and over 100 million users. Unfortunately, cybercriminals are taking advantage of its widespread reach and using it as a vehicle to spread malware on social media platforms.

Security researchers are warning of a new campaign spreading via socially engineered links on Facebook that infects victims’ systems with malicious browser extensions that steal their Facebook credentials, install cryptocurrency miners and engage them in click fraud. Dubbed Nigelthorn, the malware appears to look-alike versions of popular websites that appear to pop up an installation window when users visit them via Facebook.

Once a victim downloads the extension, it will obtain access tokens from Facebook’s Creator Studio on their behalf. These permits developers to silently access data through Facebook’s Graph API without the user’s knowledge.

Adware uses malicious JavaScript to download configuration files from a C2 server and send them directly to a server running the malware.

These configuration files enable the malware to gather and access victim information across websites in order to display targeted ads – this is how it makes money.

The extension has a high risk impact, meaning it can do serious harm to your computer. Furthermore, the malware blacklists Facebook’s and Google’s clean-up tools, preventing you from making edits, deleting posts or posting comments.

Additionally, malware has been detected infecting tens of thousands of users around the world, despite Facebook’s efforts to safeguard its users from malicious links and files through various automated systems.

Cybercriminals often employ fake apps to target users, but there are ways of avoiding falling for these scams. One simple approach is being wary of links your friends send through Facebook Messenger. Furthermore, installing a reliable and up-to-date antivirus program on your system will keep your system secure.

3. Display targeted ads

The Fake ChatGPT Chrome Extension is being utilized by an increasing number of malicious actors to spread malicious software across the web. It’s designed to steal personal information, inject malicious code into users’ systems and display targeted advertisements.

Security researchers have identified a malicious extension for Google’s Chrome browser that allows malware operators to silently harvest Facebook users’ data without their knowledge or consent. It can be used to collect user IDs, contact info and location, as well as work with Facebook’s Graph API to steal users’ personal information and track their activities on the social network.

These types of malicious extensions have not been uncommon on the market, often combined with spam campaigns to promote them. This makes them even more dangerous since millions of people can potentially install them within a short amount of time.

Security companies have identified several other ad-injection campaigns that aim to steal your personal information and install malware on your computer. These methods involve inserting advertisements into websites that do not typically host them.

Fake ChatGPT Chrome Extension, however, is being utilized to hijack Facebook accounts and bombard them with targeted ads. Once these ad-injection scripts are installed on your browser, they’ll track your browsing activity and display ads that attempt to induce you into purchasing items on the Dark Web.

When you click on the ads, they’ll contain affiliate links that redirect to sites offering counterfeit clothing and other goods. This is all part of an ad-injection campaign designed to generate money for the extension’s creators.

It is essential to remember that this type of ad-injection is illegal and could land you in jail, as it violates Facebook’s terms of service. The only way to prevent this from occurring is by using another browser or third-party ad blockers.

The best way to protect against this is never installing an extension for a browser that hasn’t been verified by its maker. Google, for instance, only approves secure extensions before they can be sold through its Chrome Web Store.

4. Slow down your browser

Hijacking Facebook Accounts for Malicious Advertising

Cybercriminals are using Chrome browser extensions hosted on Google’s official Web Store to hijack Facebook accounts and spread malicious code. These attacks target users using socially engineered links that take them to fake versions of popular websites that display an installation window for the Chrome extension.

Kaspersky Lab reports that these scams are designed to obtain users’ passwords, collect personal information and send it off-site to malicious connections in the outside network. Fake apps are able to do all this without requiring user consent, according to security firm Kaspersky Lab.

Hackers frequently send malicious links to friends of an infected individual, in an effort to spread their malware around and reach new victims. This is a popular strategy employed by cybercriminals in order to spread their software.

Another method these malicious apps employ is injecting ads into legitimate pages, usually via ad-injection campaigns hosted on third-party domains. This enables cybercriminals to make money by redirecting users to affiliate links that pay them commissions for ad sales.

Fake ChatGPT developers are taking advantage of Google’s JSON download capabilities to embed malicious code into their extension, creating false clicks that direct victims’ browsers to a fake YouTube or Flash Player website complete with an error message and Windows adware executable file.

On average, the CPU is busy processing web pages for over 2 seconds on average, which can have a major impact on user experience and browsing performance. Ad-blockers are essential to keep your system running optimally as they reduce on-page CPU time by reducing requests but also introduce some background activities which may slow down your browser.

Ammar Fakhruddin


Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

Data Security Through Data Literacy

Data Security Through Data Literacy

Unlocking data security through data literacy. Explore the pivotal role of understanding data in fortifying cybersecurity measures. Data is now pervasive, and it is important for people to understand how to work with this information. They need to be able to interpret...

Trojan Rigged Tor Browser Bundle Drops Malware

Trojan Rigged Tor Browser Bundle Drops Malware

Trojan Rigged Tor Browser Bundle drops malware. Stay vigilant against cybersecurity threats, and secure your online anonymity with caution. Threat actors have been using Trojanized installers for the Tor browser to distribute clipboard-injector malware that siphons...

Siri Privacy Risks: Unveiling the Dangers

Siri Privacy Risks: Unveiling the Dangers

Unveiling Siri privacy risks: Understand the potential dangers and take steps to enhance your digital assistant's security. Siri is a great piece of technology, but it can also be dangerous to users’ privacy. This is a serious issue that should be addressed....

Recent Case Studies

Press Releases

News & Events


Managed Security Services
Security & Privacy Risk Assessment
Cloud Platform Security
Incident Response & Business Continuity

Penetration Testing

Virtual CISO

Email Security & Phishing



About Us