Skip to main content

Beware: many ChatGPT extensions and apps could be malware

ChatGPT fever has overtaken the internet, and rightly so since it’s such a powerful new tool. Unfortunately, the most sought-after content is often fertile ground for hackers and scammers.

In a recent video, cybersecurity-focused YouTuber John Hammond warned that many ChatGPT extensions and apps could contain malware. It’s a valid point, and we should all use caution when installing desktop browser add-ons and mobile apps.

OpenAI's ChatGPT blog post is open on a computer monitor, taken from a high angle.
Photo by Alan Truly

When you visit a webpage, such as ChatGPT, you know who can access the information you provide. OpenAI is a known quantity that most people respect, even if there is some concern about the rapid pace of OpenAI’s updates to the public.

The privacy policies of browser extensions and apps vary dramatically, however. Even more alarming, regardless of the privacy claims, you might not recognize the developer or know whether they are trustworthy. It’s easy to claim your information will not be shared or sold, but who will enforce that policy?

Hammond notes that it goes deeper than the information you might voluntarily provide to the extension or app. Hackers have ways of bypassing security features, particularly when doing so with software you’ve installed on your device.

Citing a recent Guardio report on a fake ChatGPT Chrome extension, Hammond explains that the extension contained malware that used a backdoor to access Facebook account information.

By stealing numerous Facebook accounts, the malware created bots that made advertisements promoting the extension. The ads drove traffic to the extension, generating more bots that posted more ads.

The goal of the self-replicating malware was to collect user information to sell on the dark web. Google took down the extension, but another soon popped up, and the battle against malware is seemingly unending.

Most ChatGPT Extensions Are Just Malware

The critical takeaway from the video is to be careful with every browser extension you install. Any software that resides on your computer has greater access than a webpage. The same is true of mobile apps.

If you want to use ChatGPT, you can do so from OpenAI’s website. GPT-4, the OpenAI technology behind ChatGPT, powers Bing Chat and is available in a tab on any Bing Search. Bing Chat is also available on your phone via the Bing app or Edge browser.

If you still want to use a browser extension or app that adds extra capabilities or makes the advanced AI more convenient, proceed with caution. Check the privacy policy, read reviews, and learn more about the developer before trusting that your data will be secure and private.

Alan Truly
Alan is a Computing Writer living in Nova Scotia, Canada. A tech-enthusiast since his youth, Alan stays current on what is…
How to enable secure boot in Windows 11
Secure Boot setting in an ASUS BIOS.

Enabling Secure Boot is an important step in upgrading to Windows 11, as it's part of the system requirements. It ensures that unauthorized software can't run on your PC, and you will have to enable it before you install Windows 11 or it just won't work. Fortunately, enabling Secure Boot is as quick as changing a single BIOS setting.

Here's how to do it.

Read more
No, Intel’s Lunar Lake CPUs aren’t being delayed
Intel keynote.

Intel's hotly-anticipated Lunar Lake CPUs look like they're suffering a delay, at least according to a report from DigiTimes. The outlet, which covers semiconductor news, says that shipments of the chips are arriving in September and that they were originally planned for June. Intel says otherwise, however.

When Intel first announced Lunar Lake, it said they would arrive between July and September of this year. More specifically, the company pointed out that they'd be available before the holiday shopping season. If June was the original plan, we'd already have a lot more details about the processors. It looks like September was the target all along.

Read more
Hacker claims to have hit Apple days after hacking AMD
The Apple logo is displayed at the Apple Store June 17, 2015 on Fifth Avenue in New York City

Data breaches happen all the time, but when the giants get hit, it's impossible not to wonder what kind of critical data may become exposed. Earlier this week, notorious cybercriminal Intelbroker reported that they managed to hack AMD. Now, they followed up with claims about hacking Apple, and went as far as to share some internal source code on a hacking forum.

As Apple has yet to comment, all we have to go off is the forum post, first shared by HackManac on X (formerly Twitter). In the post, Intelbroker states that Apple suffered a data breach that led to the exposure of the source code for some of its internal tools. The tools include AppleConnect-SSO, Apple-HWE-Confluence-Advanced. There's been no mention of any customer data being leaked, which is good news, but there could still be some impact on Apple if this proves to be true.

Read more