ChatGPT 16 Fake Extensions Caught Hijacking User Accounts
16 khatarnak gpt optimisers ka ek milakar kiya gaya campaign ChatGPT account ko hijack karte hue pakda gaya hai. Ye tool privet chats, slack aur Google drive file ko access karne ke liye session tokens churate hain.
16 malicious browser extensions ke samooh ko upayogkarta khaaton ko hijack karne ke prayaas mein ChatGPT utpadakata sahayta ke roop mein chhipaate hue pakada gaya hai. shodh firm LayerX Security dvaara khoje gai ye add-ons khud ChatGPT mein sendh lagaane kee kosish nahin karte hain, balki upayogakrta ke log in karane kee prateeksha karte hain aur phir unke digital credentials ko chura lete hain.
Getting A Digital Key to Your Private Life
Yeh scam relies token churaane par nirbhar karta hai. inhen ek temporary digital key kee tarah samajhen jo kisi website ko batatee hai ki aap pahle se log in hain. in kee ko pakdakar, attacker "unkee nakal kar sakate hain, jisse ve user kee sabhi ChatGPT conversations, data ya code ko access kar sakte hain," LayerX’s security researcher aur blog post kee lekhak Natalie Zargarov ne samajhaaya.
Campaign Seems A Coordinated Attack
LayerX researchers ka manana hai ki yeh koi achanak hui ghatana nahin thi, balki ek akeli, organised koshish thi. jab unhonne aur jaanch ki, to unhen pata chala ki inamen se 15 tools Chrome store, par the, jabaki ek Microsoft Edge marketplace par mila. ve sabhee ek hee gadbad code share karte hain aur khaas attacker-controlled domains se communicate karte hain, jismen chatgptmods.com and Imagents.top.
Ek aur pareshaan karne vaala hissa yah hai ki ye extensions zyaadaatar ek hee din baich mein upload kiye gai the aur vaidh dikhane ke lie lagabhag identical icons aur vivaran ka istmaal kiya gaya tha.