![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/04\/facebook-cookie-stealer-thief-600x350-1.jpg\")
<\/p>\n<\/p>\n
FakeGPT is one of three new Mac-infecting malware families that came to light in March (the others being MacStealer<\/a> and SmoothOperator<\/a>).<\/p>\n Let’s take a look at what FakeGPT does, who’s behind the campaign, and how you can avoid or clean up an infection.<\/p>\n The FakeGPT malware campaign has consisted of at least four known extensions that were available in Google’s Chrome Web Store. Notably, other Chromium-based browsers such as Microsoft Edge, Brave, and Opera may also be able to run Chrome extensions.<\/p>\n Victims could potentially have happened upon the Trojan horse extensions through a Chrome Web Store search for ChatGPT<\/a>. However, the FakeGPT malware developers primarily relied on paid advertisements to achieve prominent placement on Facebook (for early campaigns) and Google search results (for the most recent campaign).<\/p>\n The early Facebook ad campaigns redirected the victim to a fake extension called “Quick access to Chat GPT.” In the most recent campaign, reportedly searching Google for the term “Chat GPT 4” could have presented you with an ad at the top of the search results that redirected to a fake version of the extension “ChatGPT for Google.”<\/p>\n Once the FakeGPT extension was installed, it would collect the victim’s Facebook cookies and exfiltrate them to the malware’s distributor. If the victim was logged into Facebook, the exfiltration of these cookies would give the malware maker direct access to the user’s Facebook account, just as if the malware maker had access to the victim’s username, password, and two-factor authentication method\u2014but without all that trouble.<\/p>\n This is because, like most Web sites, Facebook relies on “stay-logged-in cookies.” In Facebook’s case, allowing users to stay logged in indefinitely is an important part of the company’s overall strategy, because it allows Facebook (and its parent company, Meta) to track where else users go on the Internet, which can then be used to push more relevant Facebook ads to the user.<\/p>\n The problem is, if bad guys can get ahold of your cookies and put them on another computer in their control, they will be logged in exactly as though they are you. This allows the attacker to take over and do just about anything you would be able to do with your own account.<\/p>\n Interestingly, this month’s discovery of MacStealer malware<\/a> brought to light that it, too, has cookie theft capabilities.<\/p>\n MacStealer: Mac Trojan malware steals passwords, wallets, and files<\/a><\/p><\/blockquote>\nWhat should I know about FakeGPT?<\/h3>\n
What would FakeGPT malware do to an infected system?<\/h3>\n