Guardio Labs researchers have reported finding a copy of the “ChatGPT for Google” open-source extension that is capable of covert malicious action such as hijacking Facebook accounts. The researchers say that the fake extension, which was downloaded over 9000 times before its removal from the Google Chrome Store, abuses the Chrome Extension API to obtain a list of Facebook-related session cookies.
The advice to anyone who has downloaded the extension is to:
- Remove the extension and change your Facebook account password.
- Go to go to Settings > Apps and Websites to make sure that hijackers haven’t added apps to your account that could post things on your behalf.
- Add 2FA to your account.