That Chrome extension you downloaded to add ChatGPT integration to Google results may not be the legitimate one—and it could cause you to lose access to your Facebook account.
Until earlier today, a malicious copy of the “ChatGPT for Google” extension that stole Facebook session cookies could be found in the Chrome Web Store, allowing hackers to infiltrate accounts and lock users out. Discovered by security firm Guardio Labs and reported by BleepingComputer, the fake extension leveraged the Chrome Extension API to sniff out active Facebook cookies and sent the pilfered data to the attacker’s server. Hackers then logged into Facebook, changed the account credentials, and converted the profiles into a fake persona named “Lily Collins.” These zombie accounts were used to spread malicious advertising and extremist propaganda.
Most people exposed to this fake add-on likely downloaded it through a sponsored advertisement in Google searches for “Chat GPT 4,” mirroring similar attacks on Radeon and Bitwarden users earlier this year. If you’re a victim of this ploy, you won’t necessarily notice anything amiss, either. Guardio Labs says that because the malicious Chrome extension leans on the legitimate add-on’s code, ChatGPT integration for Google search results still works.
To have been exposed to the fake extension, users would have downloaded it from the Chrome Web Store between February 14 and March 22. (The extension has since been removed from the Chrome Web Store.) If you found the link via Google search, the malicious Google text advertisements began on March 14.
If you have ChatGPT for Google installed on your PC and want to check if it’s legit, click on the puzzle-piece icon to the right of Chrome’s address bar, then on Manage Extensions. Click on the Details button for the extension, then View in Chrome Web Store. The listing for the official extension will show “chatgpt4google.com” as the verified developer, and over a million users. Anything else is a fake.
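The listing check above covers one extension by name. As an added example (not code from this article or from Guardio Labs), the script below audits every installed extension's manifest for the permission combination that cookie theft through the extension API depends on: the `cookies` permission plus host access covering facebook.com. It assumes the `chrome.cookies` API was the one used; the function names are hypothetical and the sample manifests are constructed.

```python
import json
from pathlib import Path

def pattern_covers(pattern: str, domain: str) -> bool:
    """True if a Chrome match pattern grants access to `domain` or its subdomains."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False  # plain API names ("cookies", "storage") and other schemes
    host = rest.split("/", 1)[0].lower()
    if host == "*":
        return True
    if host.startswith("*."):
        base = host[2:]
        return base == domain or domain.endswith("." + base) or base.endswith("." + domain)
    return host == domain or host.endswith("." + domain)

def audit_manifest(manifest: dict, domain: str = "facebook.com") -> list:
    """Host patterns that, combined with the "cookies" permission, expose `domain` cookies."""
    def strings(*keys):
        return [v for k in keys for v in (manifest.get(k) or []) if isinstance(v, str)]
    perms = strings("permissions", "optional_permissions")
    if "cookies" not in perms:
        return []
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    hosts = perms + strings("host_permissions", "optional_host_permissions")
    return sorted({h for h in hosts if pattern_covers(h, domain)})

def scan_extensions(root, domain: str = "facebook.com") -> dict:
    """Map extension ID -> risky host patterns for <root>/<id>/<version>/manifest.json."""
    findings = {}
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        hits = audit_manifest(manifest, domain) if isinstance(manifest, dict) else []
        if hits:
            findings[path.parent.parent.name] = hits
    return findings

# Constructed sample manifests (not taken from any real extension).
SAMPLE_FLAGGED = {"manifest_version": 3, "name": "sample search helper",
                  "permissions": ["cookies", "storage"],
                  "host_permissions": ["https://*.facebook.com/*", "https://www.google.com/*"]}
SAMPLE_CLEAN = {"manifest_version": 3, "name": "sample search helper",
                "permissions": ["storage"], "host_permissions": ["https://www.google.com/*"]}
```

Call `scan_extensions` with the Extensions folder inside the Chrome profile directory. A hit means the extension is able to read those cookies, not that it is malicious, so confirm each flagged ID against its Chrome Web Store listing.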
Unfortunately, this fake extension is not the first to target those curious about ChatGPT—Guardio Labs previously detected an earlier version of this malicious extension, which used Facebook marketing to get its hooks into Chrome users. Given how dominant ChatGPT will remain in popular discourse, and the unfortunately common occurrence of bad Google advertisements, expect more clones to pop up. To protect yourself, be careful about which links you click on in Google search results, install antivirus software, and consider installing an ad-blocker like uBlock Origin, too.