This incident response report presents the investigation and analysis of a Chrome extension alert related to the detection of a malicious extension known as "ChatGPT For Google." The alert was triggered by the suspicious addition of the extension to the browser, indicating a potential security threat.
Through careful analysis, several key findings were identified, including the nature of the malicious extension, its impact on user accounts, and the detection of Command and Control (C2) communication attempts.
The investigation revealed that the malicious extension posed as a ChatGPT integration, deceiving users and targeting their Facebook accounts. The extension was removed from the Chrome Web Store because it was identified as malware, but by then it had already been installed by a significant number of users, raising concerns about the impact on their accounts and personal information.
Further analysis of network activity revealed connections made to malicious domains associated with the extension’s C2 infrastructure. These connections, coupled with the findings from threat intelligence platforms, confirmed the malicious nature of the extension and the high risk it posed to users.
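The correlation step described above, as an added triage example that is not part of the original report: it joins extension-install events with outbound connections to threat-intel domains on the same host within a time window. The log schema, the `c2-placeholder.example` domain, the extension id and the 600-second window are constructed assumptions; the report itself names no indicators.

```python
"""Correlate Chrome extension installs with connections to known C2 domains."""
from collections import defaultdict

# Constructed sample telemetry (not from the original report).
# "ext_install" records come from browser/endpoint management; "net" records
# from proxy or DNS logs. Timestamps are seconds for simplicity.
SAMPLE_LOGS = [
    {"type": "ext_install", "host": "ws-042", "ext_name": "ChatGPT For Google",
     "ext_id": "EXT-ID-PLACEHOLDER-1", "ts": 100},
    {"type": "net", "host": "ws-042", "domain": "c2-placeholder.example", "ts": 130},
    {"type": "net", "host": "ws-042", "domain": "www.facebook.com", "ts": 131},
    {"type": "net", "host": "ws-042", "domain": "updates.example.org", "ts": 200},
    {"type": "ext_install", "host": "ws-077", "ext_name": "Grammar Helper",
     "ext_id": "EXT-ID-PLACEHOLDER-2", "ts": 300},
    {"type": "net", "host": "ws-077", "domain": "c2-placeholder.example", "ts": 320},
    {"type": "ext_install", "host": "ws-099", "ext_name": "Tab Manager",
     "ext_id": "EXT-ID-PLACEHOLDER-3", "ts": 400},
    {"type": "net", "host": "ws-099", "domain": "www.example.com", "ts": 410},
]

# Placeholder indicators standing in for a real threat-intel feed.
C2_DOMAINS = {"c2-placeholder.example"}
SUSPICIOUS_EXT_NAMES = {"chatgpt for google"}
WINDOW = 600  # seconds after install during which a C2 hit is attributed to it


def triage(logs, c2_domains=C2_DOMAINS, bad_names=SUSPICIOUS_EXT_NAMES, window=WINDOW):
    """Return one finding per install that matches a known-bad name and/or is
    followed by a C2 connection from the same host inside the window."""
    # Index C2 hits per host so each install is checked against its own host only.
    c2_hits = defaultdict(list)
    for rec in logs:
        if rec["type"] == "net" and rec["domain"] in c2_domains:
            c2_hits[rec["host"]].append(rec)

    findings = []
    for inst in (r for r in logs if r["type"] == "ext_install"):
        hits = sorted({n["domain"] for n in c2_hits[inst["host"]]
                       if inst["ts"] <= n["ts"] <= inst["ts"] + window})
        name_match = inst["ext_name"].lower() in bad_names
        if not hits and not name_match:
            continue  # nothing suspicious about this install
        # Both a known-bad name and C2 traffic: strongest signal.
        severity = "high" if (hits and name_match) else "medium"
        findings.append({"host": inst["host"], "ext_name": inst["ext_name"],
                         "ext_id": inst["ext_id"], "c2_domains": hits,
                         "severity": severity})
    return findings
```

A medium finding with C2 hits but an unknown extension name (ws-077 above) is the case worth a closer look, since it may be the same extension republished under a new name.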
In conclusion, this incident response report highlights the analysis of a malicious Chrome extension and its implications for user security. By understanding the nature of the threat and implementing the recommended security measures, users can better protect themselves against similar threats in the future.