Fake ChatGPT browser extension is hijacking Facebook accounts — how to keep yours safe

ChatGPT's ever-increasing popularity means more and more people want to try out the innovative chatbot, which in turn makes them an attractive target for cybercriminals.

While fake ChatGPT apps were recently used to spread malware and steal passwords, this time around, hackers are using a browser extension called “Quick access to Chat GPT” as a lure to dupe unsuspecting users, according to a new blog post from the online privacy firm Guardio.

Unlike those fake ChatGPT apps though, the extension, which has since been removed from the Chrome Web Store, does actually give users access to the chatbot. However, in doing so the extension also steals all of the cookies stored in your browser, including security and session tokens for services like YouTube, Twitter and even your Google account.

With this information in hand, the hackers behind the extension can steal your passwords and access your online accounts, though Facebook accounts are what the extension is really after.

Targeting high-profile Facebook business accounts

As CyberNews reports, the hackers behind the extension are paying close attention to users that have high-profile Facebook business accounts. This makes sense as attackers often go after both Facebook business and LinkedIn accounts due to how valuable they can be.

Besides having their Facebook hacked, users who download the extension will have their accounts on the social network hijacked by bots that use them to spread “Quick access to Chat GPT” even further.

To make matters worse, the hackers behind this campaign have even found a way to bypass Facebook’s security by renaming requests to its servers made through Meta’s Graph API. This allows them to manage a victim’s “connected WhatsApp and Instagram accounts” according to Guardio’s security researchers.

Since so much of our work and daily lives now takes place within a web browser, you need to be extremely careful when downloading and installing new browser extensions. Just like with malicious apps, bad extensions do manage to slip through the cracks from time to time. This is why you should always look at an extension’s rating and reviews on the Chrome Web Store before downloading it. However, you should also look for external reviews on other sites or even video reviews that show an extension in action before you click “Add to Chrome”.
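A defender-side check for the cookie theft described above, as an added example that is not from this article or from Guardio's report: it audits the manifests of installed Chrome extensions and flags any that request the `cookies` permission, with a second finding when that access spans every site. It assumes this kind of cookie access goes through Chrome's `chrome.cookies` API; the function names and the Extensions directory argument are illustrative.

```python
import json
import sys
from pathlib import Path

# Host match patterns that cover every site (constructed list, not exhaustive).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Return the findings for one parsed manifest.json (empty list if none)."""
    granted = set()
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        value = manifest.get(key)
        if isinstance(value, list):
            granted.update(p for p in value if isinstance(p, str))
    findings = []
    if "cookies" in granted:
        findings.append("requests the cookies permission")
        broad = sorted(granted & BROAD_HOSTS)
        if broad:
            findings.append("cookie access spans all sites: " + ", ".join(broad))
    return findings


def scan_extensions(ext_root):
    """Audit every <id>/<version>/manifest.json under a profile's Extensions dir."""
    report = {}
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            report[ext_id] = ["manifest unreadable"]
            continue
        findings = audit_manifest(manifest)
        if findings:
            report[ext_id] = findings
    return report


if __name__ == "__main__":
    # Pass the browser profile's Extensions directory; its location differs per OS.
    if len(sys.argv) != 2:
        sys.exit("usage: audit_extensions.py <path to Extensions directory>")
    for ext_id, findings in scan_extensions(sys.argv[1]).items():
        print(ext_id, "->", "; ".join(findings))
```

A flagged extension is not necessarily malicious, since legitimate tools also request these permissions, but each hit is worth checking against what the extension claims to do.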

How to safely and securely access ChatGPT

Hackers are well aware of the latest trends as they use them to create new phishing campaigns and other cyberattacks. Normally, they try to instill a sense of urgency to get you to click or download something but in this case, ChatGPT has done their work for them. 

If you do want to get ahead of the line and get early access to ChatGPT, the only way to do so is by signing up for ChatGPT Plus for $20 a month or by meeting all of the requirements to get early access to Microsoft’s Bing with ChatGPT.

As for browser extensions for ChatGPT, there isn’t an official one yet. In fact, you can currently only access OpenAI’s chatbot online at “chat.openai.com”. This may change in the future but when it does, there will be plenty of announcements and news articles about a new way to access ChatGPT.

If you’re the kind of person who just can’t wait and is looking for quick ways to access ChatGPT, you probably want to make sure that the best antivirus software is installed on your PC or the best Mac antivirus software on your Apple computer. This way, if you come across a scam like the one detailed above, you’ll be safe from malware and other viruses.

Until ChatGPT can be accessed by anyone without having to join a waitlist or wait in a queue, hackers will likely continue to come up with new ways to use the popular chatbot as a lure.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.