{"id":25660,"date":"2025-01-09T09:10:11","date_gmt":"2025-01-09T17:10:11","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2025\/01\/09\/news-19383\/"},"modified":"2025-01-09T09:10:11","modified_gmt":"2025-01-09T17:10:11","slug":"news-19383","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2025\/01\/09\/news-19383\/","title":{"rendered":"Google Chrome AI extensions deliver info-stealing malware in broad attack"},"content":{"rendered":"\n<p>Small businesses and boutique organizations should use caution when leaning on browser-friendly artificial intelligence (AI) tools to generate ideas, content, and marketing copy, as a set of Google Chrome extensions were recently compromised to deliver info-stealing malware disguised as legitimate updates.<\/p>\n<p>Analyzed by researchers at Extension Total, the cybercriminal campaign has managed to take over the accounts of at least 36 Google Chrome extensions that provide AI and VPN services. The compromised extensions include \u201cBard AI Chat,\u201d \u201cChatGPT for Google Meet,\u201d \u201cChatGPT App,\u201d \u201cChatGPT Quick Access,\u201d \u201cVPNCity,\u201d \u201cInternxt VPN,\u201d <a href=\"https:\/\/www.extensiontotal.com\/cyberhaven-incident-live\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">and more<\/a>, which are used by an estimated total of 2.6 million people.<\/p>\n<p>Though these browser extensions borrow the names of the most popular AI tools available today, they are third-party tools that are not developed by OpenAI\u2014the company behind ChatGPT\u2014or Google.<\/p>\n<p>In response to the attack, many of the compromised browser extensions removed their tools from the Google Chrome web store to protect users. 
However, other extensions remain available and in the control of cybercriminals, making them dangerous to download.<\/p>\n<p>There isn\u2019t a startup, small business, or solo practitioner today who can run their operations without a web browser, and the most popular web browser in the world\u2014<a href=\"https:\/\/en.wikipedia.org\/wiki\/Usage_share_of_web_browsers\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">by far<\/a>\u2014is Google Chrome.<\/p>\n<p>But this cybercriminal campaign has not compromised Google Chrome itself.<\/p>\n<p>Instead, it has compromised a series of extensions for Google Chrome that could prove attractive to many small businesses looking to harness AI, whether to write email newsletters, edit blogs, or even get ideas for marketing strategies in the new year. These third-party browser extensions, when they were still available, allowed users to directly ask questions to AI tools without needing to navigate away from a current web page.<\/p>\n<p>But with the new attack, those same browser extensions are now delivering fraudulent updates that carry malicious code that can steal an employee\u2019s data.<\/p>\n<p>According to <a href=\"https:\/\/www.cyberhaven.com\/engineering-blog\/cyberhavens-preliminary-analysis-of-the-recent-malicious-chrome-extension\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">an investigation published<\/a> by one of the compromised browser extension companies, the malware used in this attack sought data for Facebook Ads accounts. 
That may sound like a narrow goal, but considering that so many businesses rely on promotion and visibility through Facebook Ads, it isn\u2019t uncommon that this information might be stored on an employee\u2019s computer.<\/p>\n<p>For a full list of compromised extensions, <a href=\"https:\/\/www.extensiontotal.com\/cyberhaven-incident-live\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">visit here<\/a>.<\/p>\n<p>Until fixes are released for every compromised extension, warn your employees about which browser extensions are safe to use, and consider creating a policy about only trusting first-party browser extensions for work.<\/p>\n<p>For all other threats, try <a href=\"https:\/\/www.malwarebytes.com\/teams\" target=\"_blank\" rel=\"noreferrer noopener\">Malwarebytes Teams<\/a>, which provides always-on protection against malware, ransomware, spyware, and more, along with 24\/7 dedicated, human support.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2025\/01\/google-chrome-ai-extensions-deliver-info-stealing-malware-in-broad-attack\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> At least 36 Google Chrome extensions for AI and VPN tools have begun delivering info-stealing malware in a widespread attack.  
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[29737,19414,28405,10699,11425,1670,32],"class_list":["post-25660","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-bard","tag-browser-extensions","tag-chatgpt","tag-chrome","tag-extension","tag-google","tag-news"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25660"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25660\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25660"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}