Navigating the Risks of FakeGPT: Protecting Your Data from Malicious Extensions

December 5th · 11 min read

Rotem Tal - Senior Cybersecurity Expert |Writer & Editor|
Rotem Tal - Senior Cybersecurity Expert |Writer & Editor|

The AI revolution

AI advancements are all the rage these days, making the once-fictional worlds of 'Futurama', 'Rick and Morty,' and 'The Jetsons’ a reality. These new innovations are transforming what was once considered science fiction into fact, offering convenience through virtual assistants and smart algorithms for everyday tasks and business processes.

Yet, these technological leaps are not without their challenges. As media philosopher Marshall McLuhan famously put it, “When new technologies impose themselves on societies long habituated to older technologies, anxieties of all kinds result.” Although McLuhan mainly spoke about cultural concerns sparked by new technologies, he'd probably roll over in his grave if he only knew that cybercriminals are upping up the anxiety level.

80% of Americans are worried about AI stealing their personal data

Cybercriminals are all too familiar with the buzz and chaos new innovations bring and aren’t wasting time trying to capitalize on people’s excitement about everything AI. They’re working overtime, devising new ways to steal people’s information and money. One of their deceptive tricks is FakeGPT, a sophisticated scam disguised as an AI tool that was recently uncovered by the savvy team at Guardio Labs.

In this article, we'll delve into the dark world of FakeGPT, explore its risks, and, more importantly, show you how Guardio can be your protective sidekick against these awful scams.

Is that an AI tool or a scam?

Don't risk it - Guardio's security software blocks online scams before they can do damage!

a computer screen displaying ChatGPT-s home screen

What’s Fake GPT?

If you haven't heard of ChatGPT, you’ve probably been living under a rock, as it has single-handedly revolutionized the realm of artificial intelligence. Its rapid growth and widespread adoption have marked it as the fastest-growing platform in the history of technology. ChatGPT is an advanced AI language model developed by OpenAI, which has transformed the way we interact with information and technology. Put simply, it's a smart computer software made by OpenAI that changes how we use and talk to technology. How popular is ChatGPT? It currently has around 180.5 million users, and the website racked up an incredible 1.7 billion visits in the month of October 2023 alone!

However, the popularity of ChatGPT opened up new avenues for scammers to try and take advantage of. They exploit the credibility and popularity of legitimate AI software to create bogus products called FakeGPT - a generic nickname for these types of scams. In other words, cybercriminals create fake websites and browser extensions that promise users easy access to AI tools. In reality, these browser extensions and websites they've created are designed to steal the data of anyone using them.

How does Fake GPT malicious Chrome extension work?

FakeGPT extensions or apps typically masquerade as helpful AI tools, offering features like quick access to AI services or enhanced browsing capabilities. Unfortunately, once installed, they carry out malicious activities in the background. This can range from collecting sensitive data, like login credentials and financial information, to hijacking Facebook accounts and other social media profiles.

The Guardio Labs research team started noticing strange Facebook ads for ChatGPT - this raised some red flags. OpenAI, the company that created ChatGPT, doesn’t openly promote the platform via ads, so something definitely felt off. What the Labs team uncovered was mind-blowing, cybercriminals were paying for legit Facebook ads to promote fake ChatGPT Chrome extensions, apps, and websites disguised as harmless AI tools. Seduced by the prospect of cutting-edge AI tools, people were downloading these malicious apps. And after they installed them, the malware started working automatically, allowing cybercriminals to hijack their accounts and even change their details, like usernames and profile pictures.

Guardio Labs research team uncovered FakeGPT

Our research team at Guardio Labs believes that there are hundreds if not thousands of fake AI scams out there, but they found that this type of Fake ChatGPT Chrome extension is particularly dangerous. Especially because of its ability to take control of Facebook accounts and its worm-like method of spreading. Here’s what you need to know:

  • Name: It's called "Quick Access to ChatGPT" and is being circulated via sponsored posts on Facebook.

  • The trap: Clicking on these Facebook ads will take you to a landing page and then to the Chrome store, where you’ll be tricked into downloading the malicious extension.

  • After installation: While you think you’re getting an integration of ChatGPT, after adding the extension, it activates a mechanism that secretly steals Facebook session cookies.

  • Advanced-data theft mechanism: The extension uses Chrome's tools to grab and lock Facebook cookies with a special key, then quietly sends this protected data to a hacker's server.

  • Stealth tactics: By encrypting the data, the extension cleverly avoids detection by sophisticated security scans, keeping the theft under the radar.

  • Full account takeover: The attacker gains complete access to your Facebook account. The malware even alters login details, effectively locking you out.

Basically, if you fall for the sponsored Facebook ad, you get tricked into downloading the fake extension. Once installed, it steals your Facebook login info, giving hackers full control of your account and even locking you out

Needless to say, (but we’ll say it anyway), Guardio’s security software warns you ahead of time if you ever come across these fake sites or extensions. Not only that, but it basically blocks them, so even if you click one of these links by mistake, the scam is blocked right then and there. Finances, accounts, and basically your whole digital presence are saved!

Is that really a ChatGPT tool?

Before downloading it, try Guardio's security software that blocks online scams before they can do damage!

This is how it plays out in the real world

Meet Leo, a passionate vegan chef who had recently opened his very own plant-based food truck, "Greens on Wheels." His days were packed with crafting delicious vegan fare and navigating the bustling streets of the city. Eager to grow his business and still have time for his family, Leo was always on the lookout for tools to boost his efficiency.

One bustling morning, while Leo was scheduling posts on his food truck's Facebook page, an ad caught his eye. It was for a browser extension named "Quick Access to ChatGPT.” The tool claimed to offer AI-powered assistance for scheduling, menu planning, and even marketing – exactly what Leo needed. Excited by the possibility of having more time to create new recipes and be with his family, Leo clicked the ad.

That’s where the nightmare began. The ad led him to a page that looked just like the Chrome Web Store, complete with user reviews raving about the extension's capabilities. The installation process was a breeze, and within minutes, Leo had what he believed was a cutting-edge AI tool integrated into his browser.

At first, everything seemed perfect. Leo used the extension to draft emails, schedule appointments, and even get quick insights into business strategies. The extension provided AI-generated responses, and Leo felt like he had stumbled upon a goldmine.

However, unknown to Leo, each time he used the extension, it was silently gathering his personal information. It started with minor details like his browsing habits and soon escalated to more sensitive data like login credentials for his social media and bank accounts.

A few weeks later, Leo noticed unusual activities on his business's Facebook account. Posts he hadn't created were appearing, promoting products he'd never heard of. He tried logging in, only to find his credentials no longer worked. Panicking, he checked his bank account and saw unauthorized transactions draining his funds.

Scammed food truck owner

Leo had become a victim of the FakeGPT scam. The tool he had hoped would streamline his business and save him precious time had done the exact opposite. He found out the hard way that, things that seem too good to be true often are. Determined to prevent things like this from ever happening again, he sought out the best online security tool available and found Guardio.

Installing Guardio marked a turning point as the security software was specifically designed to protect people like him from the multitude of threats lurking online. He could have saved himself a world of pain if he’d installed Guardio from the get-go. Hindsight is 20/20

This is how Guardio keeps you protected:

  • Blocks fake ads: Actively blocks deceptive ads and pop-ups that lead to scams like the one Leo fell victim to.

  • Phishing email alerts: Identifies and alerts users about phishing emails, which often lure victims into downloading malicious software or giving away sensitive information.

  • Dangerous website detection: Guardio scans websites in real-time, warning users if they're about to enter a potentially dangerous site that could compromise their data.

  • Online scam protection: Guardio is constantly updated to recognize and protect against the latest online scam attempts.

  • Mobile security: Guardio’s mobile apps SMS phishing protection actively scans incoming messages for signs of phishing or fraud and flags suspicious links and content. Alerting you of potential threats before you even click and keeping you safe no matter where you are.

For Leo, Guardio was more than just a security tool; it was peace of mind. With Guardio running quietly in the background, he could focus on what he loved most – cooking up delicious food and spending quality time with his family.

Cybercriminals disguise FakeGPT extensions as genuine software

While we'd all like to think that we're super tech-savvy and won't fall for an online scam, the reality is that cybercriminals and their tricks are getting more sophisticated and easier to fall for. They employ a variety of clever techniques to disguise FakeGPT as genuine software, making it harder to distinguish what’s real and what's fake. Some of these methods include:

  • Copycat design: Similar to fake shopping sites, scammers design the FakeGPT extensions interface to closely resemble the look and feel of the legitimate ChatGPT software. This includes using similar color schemes, layouts, and user interfaces.

  • Misleading name: The fake software is often given names that closely resemble legitimate AI tools, such as "Quick Access to ChatGPT." The descriptions in app stores or websites also mirror the genuine software, promising similar functionalities.

  • Fake reviews and ratings: This is a big one because most people are smart enough to check a review before downloading and installing a new app or extension. But here's the thing, these scammers create fake user reviews and high ratings for their counterfeit extensions or apps. The reviews make the software appear trustworthy and reliable to unsuspecting users. If only scammers used their powers for good…

“FakeGPT” Variant on Chrome Store.
  • Sponsored ads and SEO manipulation: This is also pretty shocking, but it turns out that scammers use sponsored advertisements on popular platforms like Facebook and Google Ads to promote their sketchy tools. Meaning, they actually pay money to promote their scam. Aside from that, they might also manipulate search engine optimization (SEO) making them appear at the top of search results for AI tools.

  • Social engineering tactics: These include phishing emails or messages that entice users to download the software, often by offering exclusive features or urgent updates.

  • Exploiting trusted platforms: Cybercriminals will upload their fake software to reputable websites and app stores like Google Play and the Apple App Store, exploiting the trust people have in these platforms.

  • Complex jargon: They often use technical language in their descriptions, which can confuse users into believing the software is advanced and legitimate.

  • False security certificates: In some cases, they might use forged or stolen security certificates, making the software appear safe and verified upon installation.

Knowing these sketchy tactics not only gives you the knowledge on how to identify FakeGPT scams but also should ring the alarm bells if you ever come across any of these shady schemes. Then again, security software like Guardio can eliminate all these risks, so you can browse the web at ease…

Common risks and threats involved in FakeGPT

The risks associated with FakeGPT extensions, apps, and similar malicious AI software can be grave and have an enormous negative impact on your life:

  • Data leaks: FakeGPT scams, can be designed to steal personal information like names, addresses, email IDs, and phone numbers. This data can then be sold on the dark web or used for other malicious purposes like identity theft.

  • Privacy breaches: These fake programs have access to private conversations, browsing history, and other personal data, leading to a severe invasion of privacy. This information can then be used for identity theft, fraud, or other sketchy schemes.

  • Financial losses: Malicious software like FakeGPT can capture credit card details, bank account information, and passwords, leading to financial theft and fraud.

  • Account hijacking: These tools can hijack social media accounts, locking you out and exploiting the accounts for further scams like phishing your contacts for money and ruining your reputation.

  • Malware and virus infection: Some fake AI tools serve as a gateway for other malicious software, infecting the user's system with viruses, ransomware, or spyware.

  • Reputation damage: For businesses, using compromised AI tools can lead to significant reputation damage if customer data is breached or if the business is seen as a source of a scam.

The bottom line

The emergence of deceptive software like FakeGPT, cleverly masquerading as legitimate AI tools, exposes the darker side of technological advancements. From personal data breaches to severe financial losses, the risks associated with these scams are real and significant.

The aftermath of Leo's encounter with FakeGPT was a wake-up call of the importance of cybersecurity. It took him months to regain control over his accounts and finances, a period marked by anxiety and sleepless nights. Guardio's effectiveness in blocking fake ads, sending real-time alerts about phishing emails, and scanning for dangerous websites ensures that the digital world we navigate is a safer space. For individuals and businesses alike, using tools like Guardio is more than just a security measure; it's a step towards preserving peace of mind in an era where online threats are ever-evolving. Stay safe, stay alert, and always be one step ahead of cybercriminals.

Do not click that link!

Before downloading any online tools, Install Guardio first! It blocks online scams before they can do any damage!

Be the first to know!

Subscribe to our exclusive mailing list and get the freshest stories from the Guardio team

You may also like