Welcome to the first blog of our new series, Cyber Threat Thursdays! This is a series in which we will release blogs on the many threats the internet poses to your Cyber Security.

In this case, we will look into a topical and trendy AI called ChatGPT and how it has been used for malicious purposes.

To begin, let’s look at exactly what the threat is.

 

What is this Cyber Threat?

The Cyber Security researchers at Guardio have recently warned us of another security threat. Specifically, malicious users have abused the public interest in ChatGPT to propagate their crimes, this time under the guise of a Chrome extension.

Additionally, this “Chrome extension” took the open-source code of a legitimate ChatGPT extension and added malicious code designed to steal Facebook session cookies.

This is where one of the general dangers of the internet shows. Public interest in almost anything, such as ChatGPT, can be abused by malicious users, because it’s an efficient way to attract more users to a potential Cyber attack.

However, what exactly did this Cyber Threat look like?

 

How it looked

Firstly, users were directed to the extension by malicious sponsored search engine results.

So, if you searched for ‘Chat GPT 4,’ you would likely see a sponsored hyperlink as the first result on Google, looking exactly like the real one. Additionally, as it’s at the top of the page, users who don’t look out for the “Sponsored” tag are more likely to trust it.

It doesn’t end there, either. There are now multiple “fake apps” for Chat GPT on the Google Play Store. You might be wondering, how do we know they are fake? The simple answer is that there are no official apps for Chat GPT yet, only the website.

[Image: example of fake links and apps]

As you can see, an unsuspecting user could very easily miss this Cyber Threat. This is why it is so important to spread Cyber awareness about threats just like these.

However, this is just one aspect of the threat. Now, let’s go over how it worked.

 

How it worked

If a user were to click one of the fake hyperlinks shown above, what would’ve happened? We will explain this next.

First off, the user would be redirected to a landing page offering them ChatGPT right inside their search results page. This would appear like a typical extension download from the official Chrome Store.

The extension does give you access to ChatGPT from the search results, but it also compromises your Facebook account in an instant.

The malicious extension is particularly difficult to tell apart from the legitimate version on which it’s based, as the code differs in just one respect.

Once installed, the extension behaves like the genuine one, so that the user sees the login screen for their OpenAI account.

Meanwhile, the forked, now-malicious code exploits this exact moment to snatch your session cookies.

Finally, once stolen, the cookies are encrypted and exfiltrated, providing malicious users with on-demand access to the user’s compromised accounts. This means they can change the login details to lock the legitimate user out.
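For defenders, the cookie theft described above depends on what the extension is permitted to do. As an added example (not code from Guardio or from the extension itself), the Python below audits an extension's manifest.json for the "cookies" permission combined with host access that covers facebook.com. The sample manifests and function names are constructed for illustration, and it assumes the extension reads cookies through Chrome's cookies API, which this article does not specify.

```python
import json

# Match patterns that grant access to every site, Facebook included.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
KEYS = ("permissions", "optional_permissions",
        "host_permissions", "optional_host_permissions")

def covers_host(pattern, host):
    """True if a Chrome match pattern reaches `host` or one of its subdomains."""
    if pattern in BROAD:
        return True
    if "://" not in pattern:
        return False  # an API permission name such as "storage", not a host
    target = pattern.split("://", 1)[1].split("/", 1)[0]
    if target.startswith("*."):
        target = target[2:]  # "*.facebook.com" also matches facebook.com itself
    # Flag conservatively: wildcard host, exact host, or any subdomain of it.
    return target in ("*", host) or target.endswith("." + host)

def audit_manifest(manifest_text, host="facebook.com"):
    """Return the host patterns that, combined with the "cookies" permission,
    would let the extension read cookies for `host`. Empty list = not requested."""
    manifest = json.loads(manifest_text)
    declared = []
    for key in KEYS:  # MV2 keeps hosts in "permissions", MV3 in "host_permissions"
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    if "cookies" not in declared:
        return []
    return [p for p in declared if covers_host(p, host)]

# Constructed sample manifests (not taken from any real extension).
SEARCH_HELPER = json.dumps({
    "manifest_version": 3, "name": "Sample search helper",
    "permissions": ["storage"],
    "host_permissions": ["https://chat.openai.com/*"]})
COOKIE_READER = json.dumps({
    "manifest_version": 3, "name": "Sample look-alike",
    "permissions": ["storage", "cookies"],
    "host_permissions": ["https://chat.openai.com/*", "https://*.facebook.com/*"]})
MV2_BROAD = json.dumps({
    "manifest_version": 2, "name": "Sample MV2 extension",
    "permissions": ["cookies", "<all_urls>"]})

if __name__ == "__main__":
    for text in (SEARCH_HELPER, COOKIE_READER, MV2_BROAD):
        print(json.loads(text)["name"], "->", audit_manifest(text) or "ok")
```

A non-empty result is a reason to review the extension before allowing it, not proof of malice, since legitimate extensions can request the same permissions.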

Unfortunately, it is as easy as that to fall victim to many Cyber threats on the internet, and this case is no exception. Next, let’s look at the actual effect this type of attack had.

 

The effects of the Cyber threat

The fake extension’s author published this Cyber threat in disguise on the Chrome Web Store on February 14, 2023, but only started promoting it via Google Search ads on March 14, 2023. Since then, it has been installed on an average of one thousand devices daily.

Before being removed by Google, the malicious ChatGPT for Chrome extension had over 9000 downloads, the security vendor claimed.

As the legitimate ChatGPT continues to grow in popularity, more individuals are getting on board to try it. This has led to ChatGPT gaining 100 million users in two months.

While this is incredibly impressive, it also shows how that popularity makes the Cyber threat of impersonator sites and apps even more dangerous.

 

Conclusion

Our conclusion at Solutions 4 IT is that this is a textbook example of why Cyber awareness is so important. This applies to businesses and their Cyber Security practices just as much as to individuals.

This is why we encourage businesses to manage their Cyber Security, either in-house or externally.

Additionally, this emphasises the importance of training your employees and yourself on Cyber Threats and how to manage them efficiently.

We hope you’ve enjoyed this Cyber Threat Thursday blog! I certainly look forward to continuing this series in the future, so please stay up-to-date with our weekly blog releases. Thanks for reading!