Why adding on AI browser extensions may not be a good idea

Rising interest in AI tools and extensions for browsers is being leveraged by threat actors to distribute fake ChatGPT extensions 

Updated - May 05, 2023 11:38 am IST

Threat actors are leveraging the hype around AI by getting users to install fake or compromised extensions.

Threat actors are leveraging the hype around AI by getting users to install fake or compromised extensions. | Photo Credit: Reuters

As the brouhahas over adding AI browser extensions and tools continue, threat actors are leveraging the hype around AI by getting users to install fake or compromised extensions that could steal their internet credentials.

Since March, security analysts have found around 10 malware families posing as ChatGPT, some available in official web stores, to compromise accounts across the internet, Meta, in its security report for Q1 2023, said.

Over 1,000 URLs promising ChatGPT functionality have been detected and blocked. These links with ChatGPT functionality were found to be leveraging services including those from Meta, LinkedIn, browsers like Chrome, Edge, Brave, and Firefox, link shorteners, file-hosting services like Dropbox and Mega, and more to distribute the malicious links, Meta said.

Some of these malicious AI tools even had working ChatGPT functionality alongside the malware, enabling them to persist in users’ devices without raising suspicion.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

While this is not unique, cybercriminals have used similar tactics in the past. Using the interest in crypto, digital currency, and other popular topics to target users.

Threat actors were found to have switched tactics and leveraged interest around Google Bard and TikTok marketing support to increase their scope of attacks and avoid detection.

Earlier in March, OpenAI started offering its API for its AI-powered Chatbot ChatGPT and the speech-to-text model Whisper to developers.

Later that month, reports of a fake ChaptGPT Chrome extension emerged. The fake extension was found targeting Facebook accounts with attackers having copied the legitimate add-on for Chrome named “ChatGPT for Google” that offered integration in search results.

The malicious version had an additional code to steal Facebook session cookies, a report from cybersecurity firm Guardio said.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.