So far, at least 3 Chrome extensions contained compromising code to do these attacks. Plus it looks like a FB ad network delivered add did a drive-by install of a fake ChatGPT client. There are likely other methods in use as well.

This is a good report on the details of one of the Chrome Extension hacks that stole 2FA authentication cookies and then used those to change users’ FB accounts, locking them out, and then using their accounts to spread ISIS propaganda and cryptocurrency scams and more, before FB suspended the victim’s account.

A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts.

Source: Facebook accounts hijacked by new malicious ChatGPT Chrome extension

This is a very sophisticated set of attacks. Depending on the version of the malware used, some of them harvested multiple authentication cookies for other accounts that may also have been logged in during the attack phase. These were then used to access accounts other than FB.

I now delete all cookie files in my browser whenever a tab is closed, a new domain is typed on the address line or the browser is closed. Install the Cookie Auto Delete extension to do this automatically on all browsers that you use. Never check the “Remember me on this computer” option that sometimes appears. Minimize your security vulnerabilities by taking this step.

Browser-based attacks are now among the most common attacks.

Never click on an attached file in email – even if it looks like PDF or a MS Word DOC or spreadsheet file. Hackers know how to send you what look like legitimate files but in fact, contain code, a hidden file extension enabling the code or script to execute, and may be padded with excess data to make them huge (like 500 megabytes) because some anti-virus software won’t scan huge files in email attachments to avoid slowing down your system so much.

The usual rule is its okay to click on an extension sent by someone you personally know. Except that has a big hole in it – one time the Executive Director of a volunteer group I worked for helpfully sent out a file to everyone in the non-profit – which contained a virus to use your computer for other purposes. Incredibly, nothing was illegal about this attack – it displayed a 25 page license agreement before you proceeded. I was the only person who read the agreement – it fully disclosed in the agreement that it was, basically, a virus! Hah!

Your friend’s computer might be compromised. Better to verify that they’ve intended to send you something before you open it.

Coldstreams Skeptic