Once they've stolen the cookies, miscreants can then change the account login information to lock the real users out, and use the hijacked pages as promotional bots or to spread extremist propaganda. That earlier one allowed attackers to hijack business Facebook accounts under the guise of a ChatGPT Chrome extension. This is notable, because it's the service used with the original FakeGPT variant that Guardio Labs also discovered. The forked code also encrypts the cookies list with AES, and smuggles the stolen sweets back to the attacker's command-and-control server hosted on the v service. That one specific malicious action is to filter Facebook-related cookies from the full list acquired via the Chrome Extension API.
0 Comments
Leave a Reply. |