We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Facebook Accounts Hijacked by Fake ChatGPT Extension

Facebook Accounts Hijacked by Fake ChatGPT Extension
Author Image Keira Waddell
Keira Waddell Published on 26th March 2023 Senior Writer

The security team at Guardio Labs has discovered a malicious ChatGPT extension for Google Chrome on the Chrome Web Store. The extension is a copy of the legitimate “ChatGPT for Google” add-on, which offers ChatGPT integration on search results. However, the malicious version includes additional code designed to gain total access to the user’s Facebook account.

The hackers access and decrypt the user’s Facebook session cookies, which can then be used to fully take over the victims’ Facebook account. The profile can then be used to spread prohibited material like ISIS propaganda and malicious advertising. Hackers can also easily change the victim’s login details to prevent them from regaining control.

Interestingly, it seems the hackers use an automated system to change the user’s profile name and image to match a new persona named “Lily Collins”.

The extension was uploaded to the Chrome Web Store on February 14th, 2023. However, it didn’t really gain traction until it began being pushed to the top of Google’s search result pages via Google Ads on March 14th. Overall, the malicious Chrome add-on has amassed over 9,000 total downloads.

The extension is primarily promoted through advertisements in Google Search results for “Chat GPT 4.” Upon clicking the sponsored search results, users are directed to a fake landing page, then to the extension’s page on Chrome’s official store. After installation, users receive the promised ChatGPT integration on search results, but the add-on also attempts to steal Facebook cookies and hijack your account.

This variant is considered to be part of the same campaign as another malicious Chrome extension that managed to accrue 4,000 installations before being removed.

BleepingComputer contacted Google for further information about the extension. They responded with the following: “We don’t allow ads on our platform that use malicious techniques such as phishing. We’ve reviewed the ads in question and taken appropriate action. The extension is no longer available from the Chrome Web Store.”

The extension was removed from the Google Chrome Web Store on March 22nd. Unfortunately, it is feared that the threat actors likely have a backup plan via another parked extension, which could enable the next infection wave.

About the Author

Keira is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.