The National Telecom and Information Technology Security Board has issued a cybersecurity advisory cautioning against hackers targeting Pakistanis through browser extensions such as ChatGPT-4, Gemini for Chrome, and over a dozen other tools to steal private data.
The advisory, shared by advergic.com, highlights the heightened risks for users, especially those utilizing virtual private networks (VPNs) and artificial intelligence tools. Hackers are reportedly leveraging fake techniques to inject malicious code and compromise user security.
Also Read: Google Unveils Pakistan’s Top Searches of 2024: Here’s the list
According to the advisory, phishing tactics are being used to deliver malicious code, aiming to infiltrate legitimate browser extensions and steal users’ Personally Identifiable Information (PII). At least 16 commonly used extensions, including VPNs and AI chatbots, are believed to be affected.
- AI Assistant – ChatGPT and Gemini for Chrome
- Bard AI Chat Extension
- GPT 4 Summary with OpenAI
- Search CoPilot AI Assistant for Chrome
- Wayin AI
- VPNCity
- Internet VPN
- Vidniz Flex Video Recorder
- VidHelper Video Downloader
- Bookmark Favicon Changer
- UVoice
- Reader Mode
- Parrot Talks
- Primus
- Trackker – Online Keylogger Tool
- AI Shop Buddy
- Rewards Search Automation etc.
The advisory offers the following recommendations to protect yourself from potential threats:
- Avoid using the mentioned extensions for now and opt for well-known, trusted alternatives.
- Only install extensions from reliable and verified sources.
- Take the time to review permissions and user ratings before installing any extension.
- Limit the permissions granted to extensions wherever possible.
- Keep your extensions updated regularly to ensure they have the latest security patches.
- Remove extensions that you no longer use to minimize risk.
- Invest in a reputable, licensed antivirus software for added protection.
- Be cautious when using free extensions, as they may pose higher security risks.
- Keep an eye on your system utilities and data usage for any unusual activity.