Quick access to Chat GPT is a malicious Chrome extension
Quick access to Chat GPT is a malicious Chrome extension that hijacks Facebook accounts. This stealer-like add-on is promoted via sponsored Facebook posts. While it claims to provide access to Chat GPT without the need to visit the official page, it was actually designed for an entirely different task – to silently steal cookies and Facebook account data from the user’s active, authenticated sessions. While the malware is designed mainly to hijack Facebook business accounts, individual profiles can also be stolen.
The malware propagates in a worm-like manner. The stealer extension uses two deceptive Facebook apps called portal and msg_kig to establish a backdoor and get full control of the victim’s active FB profiles. The process of adding these apps to the user’s account is automated, and once the criminals get control over the profiles, they are used to advertise the malware further. This way, the malware attempts to gain super-admin permissions to as many profiles as possible.
The stealer extracts information
The malicious Quick access to Chat GPT extension does let the user connect to the real chatbot via the ChatGPT API. Clicking on the extension icon in the browser opens a prompt that can be used to enter a query for the chatbot.
However, once the extension becomes part of the browser, it becomes capable of sending requests to any services on behalf of the user. This allows the malware to access Meta’s Graph API for developers, which means that the criminals can access your information and act on your behalf on Facebook by employing API calls. The extension even manages to bypass Facebook’s limitations and security measures by using Chrome browser’s declarativeNetRequest API.
Therefore, while the user communicates with the chatbot, the malicious extension actively works in the background. It initiates illegal activities, such as stealing browser metadata and cookies of every authorized active session, no matter what service the user is using. For instance, the extension can steal security and session tokens to Google accounts, Twitter, YouTube and others.
The malware checks for a Facebook Business account and extracts various details, including currently running ads, prepay balance, stored balance, users and their roles, currency, and many others. Then the malware sorts the collected information and sends it to its Command&Control (C2) server – api2[.]openai-service[.]workers[.]dev/api/.
The malware gains control over accounts via deceptive FB applications
The extension registers two malicious apps – portal (no longer available) and msg_kig – on the target’s account and approves them to get admin mode. The msg_kig app was somehow approved by Facebook, and this fake application uses the icon and name of another, legitimate Facebook application named Messenger Kids.
The malicious application has an extremely lengthy list of permissions, for example, to manage business, groups and ad accounts, events, fundraisers, page conversations, messages, as well as connected Instagram and WhatsApp accounts.
The extension was first noticed on March 3rd, 2023, and was removed from the Chrome Web Store on March 9th, 2023. According to the Guardio report, the extension was installed by over 2000 users daily before it was removed.
If you have unfortunately installed this malicious extension, you need to remove Quick Access to Chat GPT malware immediately. The instructions provided below this article will help you to complete this process.
| Name | Quick Access to Chat GPT extension |
| Type | Malware; Information stealer; Stealer-extension |
| Damage | The malicious extension steals cookies and tokens to active sessions to various services and takes full admin control of Facebook accounts. It primarily targets Facebook Business accounts and then uses them to propagate itself by publishing malicious sponsored posts through hijacked accounts. |
| Distribution | Deceptive sponsored posts, pop-up ads, malicious installers |
| Malicious extension IDs | kgnddmccicfibljeodejjmekeiilkfhk; |
How to avoid installing similar malicious extensions?
Cybercriminals can distribute malicious extensions similar to Quick Access to Chat GPT via hijacked Facebook profiles and other social media accounts, the Chrome Web Store, rogue websites and pop-up ads.
Users should be careful and avoid installing never-heard-of applications promoted via aggressive online ads. Scammers often tend to hack popular Facebook pages or create phishing pages in order to promote links leading to malicious websites. Such links are typically shortened to obfuscate their suspicious-looking URL.
Besides, if you notice that an extension on Chrome Web Store has few or no reviews at all, better stay away from it. Unfortunately, many malicious extensions manage to get approved by the Store and become available for users to install; however, they usually do not last long enough to gather any user reviews at all.
In addition, users should be cautious and avoid clicking on suspicious links and downloading files sent via social media messages, email, or other online communication channels. Always confirm that the sender is someone you know or can trust. In case of a doubt, do not risk exposing your computer and your privacy to potential threats.
Furthermore, be careful while browsing the Internet, and try to identify and avoid shady websites that annoyingly attempt to convince you to install recommended browser extensions or other freeware. Some of these rogue websites display pop-up or new tab ads that promote various spyware or malware varieties. Usually, similar ads appear on websites that promote copyright-protected content illegally, for example, rogue movie streaming websites, software crack sites, torrent sites and so on.
Remove Quick access to Chat GPT malware from Chrome
If you have accidentally installed the described malware in your Chrome browser, follow the guidelines provided below to understand how you can remove Quick Access to Chat GPT extension for good.
We highly recommend taking action to secure your Facebook account. Change your password, enable two-factor authentication (2FA), and revoke permissions from suspicious apps associated with your FB account. For guidelines on how to recover your account if it was hacked or stolen, visit this Facebook Help Center article.
Quick access to Chat GPT Removal Tutorial
To remove the unwanted program from your computer, use the instructions below to uninstall associated programs or apps from your Windows or Mac computer. Then scroll down for instructions on how to clean each affected web browser individually.
Remove Quick access to Chat GPT from Windows
Windows 10/8.1/8 users
Click on the Windows logo to open Windows menu. In search, type control panel and select the matching result. Then go to Programs and Features.
Windows 7 users
First, open Windows menu by clicking on the icon in the lower left corner of the screen. Then go to Control Panel and find section called Programs. Click on the Uninstall a program option under it.
Windows XP users
In Windows XP, click Start > Control Panel > Add or Remove Programs.
Uninstall unwanted programs
Once in Programs and Features, look through the list of installed programs. You can click on Installed on tab to sort the programs by their installation date.
Right-click on suspicious programs you can't remember installing and choose Uninstall. Follow instructions provided by the Uninstall Wizard, click Next and finally Finish to uninstall the unwanted program from your PC.
Remove Quick access to Chat GPT from Mac
- Click on Finder.
- Go to Applications folder.
- Look for suspicious applications you can't remember installing. Right-click them and select Move to Trash.
- After moving all suspicious apps to Trash, right-click the Trash bin in Mac's Dock and select Empty Trash.
Remove Quick access to Chat GPT from Google Chrome
Remove suspicious Chrome extensions
- Open Chrome and type chrome://extensions into address bar and press Enter.
- Here, look for suspicious extensions, and Remove them.
- Don't forget to confirm by pressing Remove in the confirmation pop-up.
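One way to run the "look for suspicious extensions" check across a whole Chrome profile, shown as an added example (it is not code from the Guardio report or from the malware). It flags the extension ID from the summary table above and any manifest that combines the cookies and declarativeNetRequest permissions with all-site host access; that heuristic, the function names and the sample manifests are assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path

KNOWN_BAD_IDS = {"kgnddmccicfibljeodejjmekeiilkfhk"}  # ID from the article's summary table
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # every site
RISKY_APIS = {"cookies", "declarativeNetRequest"}  # capabilities the article describes


def assess_manifest(ext_id, manifest):
    """Return the reasons (possibly none) an extension deserves manual review."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # MV3 lists host patterns in host_permissions; MV2 mixed them into permissions.
    hosts = perms | {h for h in manifest.get("host_permissions", []) if isinstance(h, str)}
    reasons = []
    if ext_id in KNOWN_BAD_IDS:
        reasons.append("extension ID matches the published indicator")
    broad = sorted(BROAD_HOSTS & hosts)
    if RISKY_APIS <= perms and broad:
        reasons.append(f"cookies + declarativeNetRequest with broad host access {broad}")
    return reasons


def scan_profile(profile_dir):
    """Check every <profile>/Extensions/<id>/<version>/manifest.json; return findings."""
    findings = {}
    for path in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
            reasons = assess_manifest(ext_id, manifest)
        except (OSError, ValueError, TypeError):
            reasons = ["manifest unreadable or malformed"]
        if reasons:
            findings.setdefault(ext_id, []).extend(reasons)
    return findings


def build_sample_profile(root):
    """Constructed test data: two made-up manifests, not the real extension's files."""
    samples = {
        "kgnddmccicfibljeodejjmekeiilkfhk": {
            "permissions": ["cookies", "declarativeNetRequest"],
            "host_permissions": ["<all_urls>"]},
        "a" * 32: {  # placeholder ID standing in for a harmless extension
            "permissions": ["storage"], "host_permissions": ["https://example.com/*"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / "Extensions" / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_profile(build_sample_profile(tmp)))
```

To check a real installation, pass scan_profile a Chrome profile directory, for example %LOCALAPPDATA%\Google\Chrome\User Data\Default on Windows or ~/Library/Application Support/Google/Chrome/Default on macOS. A permission match alone only means the extension deserves a closer look, since legitimate extensions can request the same combination.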
Change Start Page settings
- In Chrome address bar, type chrome://settings and press Enter.
- Scroll down to the On startup section. Check for suspicious extensions controlling these settings, and Disable them.
- Additionally, you can set the browser to Open a specific page or set of pages via these settings. Simply choose this option, click Add a new page, enter your preferred URL (e.g. www.google.com) and press Add.
Change default search settings
- In Chrome URL bar, type chrome://settings/searchEngines and press Enter. Make sure you type searchEngines, not searchengines. Additionally, you can go to chrome://settings and find Manage search engines option.
- First, look at the list of search engines and find the one you want to set as default. Click the three dots next to it and select Make Default.
- Finally, look through the list and eliminate suspicious entries. Right-click the three dots and select Remove from the list.
Remove push notifications from Chrome
If you want to get rid of the annoying ads and so-called push-notifications viruses, you must identify their components and clean your browser. You can easily remove ads from Chrome by following these steps:
- In Google Chrome, press on Menu (upward arrow) in the top-right corner of the window.
- Select Settings.
- Go to Privacy and Security > Site Settings.
- Open Notifications.
- Here, go to the Allow list and identify suspicious URLs. You can either Block or Remove by pressing on the three vertical dots on the right side of the URL. However, we suggest the Block option, so the site won't ask you to enable the notifications if you ever visit it again.
Reset Google Chrome browser
- The final option is to reset Google Chrome. Type chrome://settings in the URL bar, press Enter and then scroll down until you see Advanced option. Click it and scroll to the bottom of the settings.
- Click Restore settings to their original defaults.
- Click Restore settings to confirm.
Remove Quick access to Chat GPT from Mozilla Firefox
Remove unwanted add-ons from Firefox
- Open Firefox and type about:addons in the URL bar. Press Enter.
- Now, click on Extensions (in the left section).
- Click Remove next to every suspicious browser add-on that you can't remember installing.
Change Firefox Homepage
- In Firefox address bar, type about:preferences and hit Enter.
- Look at the left and click the Home tab.
- Here, delete the suspicious URL and type or paste in the URL of a website you'd like to set as your homepage.
Alter preferences in Firefox
- Type about:config in Firefox address bar and hit Enter.
- Click I accept the risk! to continue.
- Here, type in the URL which has taken over your browser without your knowledge. Right-click each value that includes it and choose Reset.
Remove annoying push notifications from Firefox
Suspicious sites that ask to enable push notifications gain access to Mozilla's settings and can deliver intrusive advertisements when browsing the Internet. Therefore, you should remove access to your browser by following these simple steps:
- In Mozilla Firefox, click on Menu (the three horizontal bars) on the top-right corner of the window, then choose Options.
- Click on Privacy and Security, then scroll down to Permissions section.
- Here, find Notifications and click Settings button next to it.
- Identify all unknown URLs and choose to Block them. Click Save Changes afterward.
Reset Mozilla Firefox
- In Firefox, type about:support in the address bar and press Enter.
- Click on Refresh Firefox...
- Click Refresh Firefox again to confirm.
Remove Quick access to Chat GPT from Microsoft Edge
Remove suspicious extensions:
- Open MS Edge browser and click on the three dots button in the top right corner, then click on Extensions.
- Look through the list of installed extensions and find the ones you can't remember installing or simply suspicious-looking ones. Right-click on them and choose Uninstall. Then confirm by pressing Uninstall again.
Change MS Edge Start Page and default search engine:
- Click on the three dots again and go to Settings. First, make sure that you choose to Open Microsoft Edge with A specific page or pages option. Then click the X next to suspicious URLs and type in the one you want to set as your homepage. Click the Save icon to confirm.
- Click on the three dots > Settings. Scroll down and click on Show Advanced Settings. Then scroll down until you find Change search engine button. Click it. Here, select the search engine you prefer using and click Set as default.
Additionally, we recommend selecting and Removing suspicious search engines.
Turn off push notifications in Edge
If you keep receiving pop-up ads or other promotional content while browsing on Microsoft Edge, your browser might be corrupted by a potentially unwanted program (PUP). You have to clean it — follow these easy instructions:
- In Microsoft Edge, open Menu (three horizontal dots) in the top-right corner of the screen and click Settings;
- Click on Advanced settings.
- Scroll down to the Website permissions section. Here, click Manage permissions.
- Find Notifications and Remove all suspicious websites.
Clear browsing data
- Click on the three dots in the top right corner again and click on Settings. Find Clear browsing data section and click Choose what to clear button.
- In the next window, select all options and click Clear.
Remove Quick access to Chat GPT from Safari
Uninstall suspicious Safari extensions
- Open Safari and click on Safari button in the top left corner. Select Preferences in the menu that appears on the screen.
- Now, go to the Extensions tab. Look at the left to see all installed extensions, click on suspicious ones and click the Uninstall button. Confirm your choice by clicking Uninstall again. Repeat until you get rid of all unwanted extensions.
Change Safari Homepage and default search engine
- In Preferences, open the General tab. Here, check what URL is set as your homepage. Delete it and type in whatever URL you want to set as your Safari Start Page.
- Next, go to the Search tab. Here, choose what Search engine you want to set as default.
- Next, click on Manage websites... then Remove all... and then Done.
Remove push notifications on Safari
Some suspicious websites can try to corrupt your Safari by asking to enable push notifications. If you have accidentally agreed, your browser will be flooded with various intrusive advertisements and pop-ups. You can get rid of them by following this quick guide:
- Open Safari and click on Safari button in the top-left corner of the screen to select Preferences;
- Go to Websites tab and navigate to Notifications on the left side toolbar.
- Click on Safari > Clear History...
- Then choose to clear All history and hit Clear History button to confirm.
- Go to Safari > Preferences and then open Privacy tab.
- Click Manage Website Data... then Remove All. To finish, click Done.
- Finally, clear Safari cache. In Safari Menu, click Develop > Clear Cache.
Remove Quick access to Chat GPT from Internet Explorer
TIP: If you are still using IE, we strongly advise using Microsoft Edge or a different browser because Microsoft is no longer providing technical or security support for IE browser.
Remove suspicious extensions from IE
- Now, go back to Toolbars and Extensions.
- Below Show:, select All add-ons.
- Right-click suspicious extensions and choose Disable, or, if available - Remove.
- If any pop-up appears, confirm your choice.
Tip: If you can't find any suspicious extensions, most likely you have uninstalled them via Programs and Features already. This mostly applies to IE browser.
Change default search provider and remove suspicious ones
- Open Internet Explorer and click on the gear icon in the top right of the window.
- Then select Manage Add-ons.
- Here, click on Search Providers tab.
- Here, we recommend setting Bing, Google or another trusted and well-known search provider as default. To do it, right-click the provider and choose Set as default.
- Now you can right-click suspicious search providers and choose Remove.
Change IE Home Page
- In Internet Explorer, click the gear icon in the top left corner.
- Choose Internet Options.
- Change Home Page URL to whatever page you want to use as your homepage.
- Click Apply.
- Click OK.
Block pop-up notifications on Internet Explorer
Suspicious websites can gain access to your Internet Explorer browser through push notifications. If you enable them even by accident, you will start receiving numerous annoying ads and other advertising content while browsing. The easiest way to remove push-notification viruses is by performing the following steps:
- In Internet Explorer, click on the Menu (the gear button) on the top-right corner of the window, then select Internet Options.
- Go to the Privacy tab;
- Look for Pop-up Blocker section and select Settings;
- Scroll through all URLs and you can Remove them one by one or all at the same time. Click Close.
Reset Internet Explorer
- Click the gear icon in IE menu > Internet Options. Now click on Advanced tab.
- Under Reset Internet Explorer settings, click Reset...
- Click on the checkbox next to Delete personal settings.
- Click Reset.
- To finish, click Close.
Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.