Quick access to Chat GPT is a malicious Chrome extension that hijacks Facebook accounts. This stealer-like add-on is promoted via sponsored Facebook posts. While it claims to provide access to Chat GPT without the need to visit the official page, it was actually designed for an entirely different task: silently stealing cookies and Facebook account data from users' active, authenticated sessions. Although the malware is designed mainly to hijack Facebook business accounts, individual profiles can also be stolen.
The malware propagates in a worm-like manner. The stealer extension uses two deceptive Facebook apps called portal and msg_kig to establish a backdoor and get full control of the victim's active Facebook profiles. The process of adding these apps to the user's account is automated, and once the criminals get control over the profiles, they use them to advertise the malware further. This way, the malware attempts to gain super-admin permissions to as many profiles as possible.
The malicious Quick access to Chat GPT extension does connect to the real chatbot via the ChatGPT API. Clicking on the extension icon in the browser opens a prompt that can be used to enter a query for the chatbot.
However, once the extension becomes part of the browser, it becomes capable of sending requests to any services on behalf of the user. This allows the malware to access Meta’s Graph API for developers, which means that the criminals can access your information and act on your behalf on Facebook by employing API calls. The extension even manages to bypass Facebook’s limitations and security measures by using Chrome browser’s declarativeNetRequest API.
Therefore, while the user communicates with the chatbot, the malicious extension actively works in the background. It initiates illegal activities, such as stealing browser metadata and the cookies of every authorized active session, no matter what service the user is using. For instance, the extension can steal security and session tokens for Google accounts, Twitter, YouTube and others.
The malware checks for a Facebook Business account and extracts various details, including currently running ads, prepay balance, stored balance, users and their roles, currency, and many others. Then the malware sorts the collected information and sends it to its Command & Control (C2) server: api2[.]openai-service[.]workers[.]dev/api/.
The extension registers two malicious apps, portal (no longer available) and msg_kig, on the target's account and approves them to get admin mode. The msg_kig app was somehow approved by Facebook, and this fake application uses the icon and name of another, legitimate Facebook application named Messenger Kids.
The malicious application has an extremely lengthy list of permissions, for example, to manage business, groups and ad accounts, events, fundraisers, page conversations, messages, as well as connected Instagram and WhatsApp accounts.
The extension was first noticed on March 3rd, 2023, and was removed from the Chrome store on March 9th, 2023. According to the Guardio report, the extension was installed by over 2000 users daily before it was removed.
If you have unfortunately installed this malicious extension, you need to remove Quick Access to Chat GPT malware immediately. The instructions provided below this article will help you to complete this process.
Name | Quick Access to Chat GPT extension |
Type | Malware; Information stealer; Stealer-extension |
Damage | The malicious extension steals cookies and tokens to active sessions to various services and takes full admin control of Facebook accounts. It primarily targets Facebook Business accounts and then uses them to propagate itself by publishing malicious sponsored posts through hijacked accounts. |
Distribution | Deceptive sponsored posts, pop-up ads, malicious installers |
Malicious extension IDs | kgnddmccicfibljeodejjmekeiilkfhk; coegmjlpjblmfpcnleenkhggdebdcpho; boofekcjiojcpcehaldjhjfhcienopme |
Cybercriminals can distribute malicious extensions similar to Quick Access to Chat GPT via hijacked Facebook profiles and other social media accounts, the Chrome Web Store, rogue websites and pop-up ads.
Users should be careful and avoid installing never-heard-of applications promoted via aggressive online ads. Scammers often tend to hack popular Facebook pages or create phishing pages in order to promote links leading to malicious websites. Such links are typically shortened to obfuscate their suspicious-looking URL.
Besides, if you notice that an extension on the Chrome Web Store has few or no reviews at all, it is better to stay away from it. Unfortunately, many malicious extensions manage to get approved by the Store and become available for users to install; however, they usually do not last long enough to gather any user reviews.
In addition, users should be cautious and avoid clicking on suspicious links and downloading files sent via social media messages, email, or other online communication channels. Always confirm that the sender is someone you know or can trust. In case of a doubt, do not risk exposing your computer and your privacy to potential threats.
Furthermore, be careful while browsing the Internet, and try to identify and avoid shady websites that annoyingly attempt to convince you to install recommended browser extensions or other freeware. Some of these rogue websites display pop-up or new tab ads that promote various spyware or malware varieties. Usually, similar ads appear on websites that promote copyright-protected content illegally, for example, rogue movie streaming websites, software crack sites, torrent sites and so on.
If you have accidentally installed the described malware in your Chrome browser, follow the guidelines provided below to understand how you can remove Quick Access to Chat GPT extension for good.
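To check whether one of the three extension IDs listed in this article is present in a Chrome profile, the following Python script walks a Chrome "User Data" directory; it is an example added here, not code from the original article or from any vendor tool. It also flags any other extension whose manifest requests both cookies and declarativeNetRequest, the capabilities described above. That permission rule and the function name scan_user_data are assumptions chosen for illustration.

```python
import json
import sys
from pathlib import Path

# Extension IDs listed in this article's summary table.
KNOWN_BAD_IDS = {
    "kgnddmccicfibljeodejjmekeiilkfhk",
    "coegmjlpjblmfpcnleenkhggdebdcpho",
    "boofekcjiojcpcehaldjhjfhcienopme",
}
# Assumed heuristic: cookie access plus request rewriting, the pair of
# capabilities the article describes. A hit means "review", not "malicious".
RISKY_PERMISSIONS = {"cookies", "declarativeNetRequest"}


def scan_user_data(user_data_dir):
    """Return findings for every profile under a Chrome 'User Data' directory."""
    findings = []
    # On-disk layout: <User Data>/<profile>/Extensions/<id>/<version>/manifest.json
    for manifest in Path(user_data_dir).glob("*/Extensions/*/*/manifest.json"):
        ext_id = manifest.parent.parent.name
        profile = manifest.parents[3].name
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: a known-bad ID is still reported
        if not isinstance(data, dict):
            data = {}
        perms = {p for p in data.get("permissions") or [] if isinstance(p, str)}
        if ext_id in KNOWN_BAD_IDS:
            verdict = "known-bad-id"
        elif RISKY_PERMISSIONS <= perms:
            verdict = "review-permissions"
        else:
            continue
        findings.append({"profile": profile, "id": ext_id,
                         "name": data.get("name", "?"), "verdict": verdict})
    return sorted(findings, key=lambda f: (f["profile"], f["id"]))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: scan.py <path to Chrome 'User Data' directory>")
    for f in scan_user_data(sys.argv[1]):
        print(f"{f['verdict']:>18}  {f['profile']}  {f['id']}  {f['name']}")
```

On Windows the directory is usually %LOCALAPPDATA%\Google\Chrome\User Data and on macOS ~/Library/Application Support/Google/Chrome. A "review-permissions" result only means the extension deserves a closer look, since legitimate extensions can request the same permissions.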
We highly recommend taking action to secure your Facebook account. Change your password, enable two-factor authentication (2FA), and revoke permissions from suspicious apps associated with your Facebook account. For guidelines on how to recover your account if it was hacked or stolen, visit this Facebook Help Center article.
Quick access to Chat GPT Removal Tutorial
To remove the unwanted program from your computer, use the instructions below to uninstall associated programs or apps from your Windows or Mac computer. Then scroll down for instructions on how to clean each affected web browser individually.
Windows 10/8.1/8 users
Click on the Windows logo to open Windows menu. In search, type control panel and select the matching result. Then go to Programs and Features.
Windows 7 users
First, open the Windows menu by clicking on the icon in the lower left corner of the screen. Then go to Control Panel and find the section called Programs. Click on the Uninstall a program option under it.
Windows XP users
In Windows XP, click Start > Control Panel > Add or Remove Programs.
Uninstall unwanted programs
Once in Programs and Features, look through the list of installed programs. You can click on the Installed On tab to sort the programs by their installation date.
Right-click on suspicious programs you can't remember installing and choose Uninstall. Follow instructions provided by the Uninstall Wizard, click Next and finally Finish to uninstall the unwanted program from your PC.
Remove Quick access to Chat GPT from Mac
Remove Quick access to Chat GPT from Google Chrome
Remove suspicious Chrome extensions
Change Start Page settings
Change default search settings
Remove push notifications from Chrome
If you want to get rid of the annoying ads and so-called push-notifications viruses, you must identify their components and clean your browser. You can easily remove ads from Chrome by following these steps:
Reset Google Chrome browser
Remove Quick access to Chat GPT from Mozilla Firefox
Remove unwanted add-ons from Firefox
Change Firefox Homepage
Alter preferences in Firefox
Remove annoying push notifications from Firefox
Suspicious sites that ask to enable push notifications gain access to Mozilla's settings and can deliver intrusive advertisements when browsing the Internet. Therefore, you should remove access to your browser by following these simple steps:
Reset Mozilla Firefox
Remove Quick access to Chat GPT from Microsoft Edge
Remove suspicious extensions:
Change MS Edge Start Page and default search engine:
Turn off push notifications in Edge
If you keep receiving pop-up ads or other promotional content while browsing on Microsoft Edge, your browser might be corrupted by a potentially unwanted program (PUP). You have to clean it — follow these easy instructions:
Clear browsing data
Remove Quick access to Chat GPT from Safari
Uninstall suspicious Safari extensions
Change Safari Homepage and default search engine
Remove push notifications on Safari
Some suspicious websites can try to corrupt your Safari by asking to enable push notifications. If you have accidentally agreed, your browser will be flooded with various intrusive advertisements and pop-ups. You can get rid of them by following this quick guide:
Reset Safari
Remove Quick access to Chat GPT from Internet Explorer
TIP: If you are still using IE, we strongly advise using Microsoft Edge or a different browser because Microsoft is no longer providing technical or security support for IE browser.
Remove suspicious extensions from IE
Change default search provider and remove suspicious ones
Change IE Home Page
Block pop-up notifications on Internet Explorer
Suspicious websites can gain access to your Internet Explorer browser through push notifications. If you enable them even by accident, you will start receiving numerous annoying ads and other advertising content while browsing. The easiest way to remove push-notification viruses is by performing the following steps:
Reset Internet Explorer
Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.