← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
“FakeGPT”: New Variant of Fake-ChatGPT Chrome Extension Stealing Facebook Ad Accounts with Thousands of Daily Installs
WHITE CyberHunter_NL 2023-03-13 Modified: 2023-03-13
35
IOCs
MEDIUM VOLUME
Here is the full list of Facebook users' posts, posts and other data from the social network, as well as the links to the C2 server and the Facebook Live app, which were updated on Tuesday.
facebook postextension idsapi callsfacebook appmessenger kidsfacebook graph
Indicators of Compromise (35)
All URL hostname domain FileHash-MD5
TYPEINDICATORDESCRIPTIONCREATED
URL https://www.facebook.com/settings/applications/app_details/?app_id=1174099472704185 2023-03-13
hostname xfks.workers.dev 2023-03-13
hostname openai-service.workers.dev 2023-03-13
hostname graph.facebook.com 2023-03-13
hostname df3233.workers.dev 2023-03-13
hostname api2.openai-service.workers.dev 2023-03-13
domain lumtest.com 2023-03-13
URL http://www.facebook.com/v2.0/dialog/oauth/confirm/ 2023-03-13
URL http://www.facebook.com/oauth/device/authorize 2023-03-13
URL http://www.facebook.com/dialog/oauth 2023-03-13
URL http://www.facebook.com/api/graphql/ 2023-03-13
URL http://www.facebook.com/ajax/oauth/device.php 2023-03-13
URL http://www.facebook.com/ajax/bootloader-endpoint/?modules=AdsLWIDescribeCustomersContainer.react 2023-03-13
URL https://www.facebook.com/chatgpt.google/videos/719341863011965/ 2023-03-13
URL https://www.facebook.com/chatgpt.google/ 2023-03-13
URL https://lumtest.com/myip.json 2023-03-13
URL http://graph.facebook.com/v2.6/device/login_status 2023-03-13
URL http://graph.facebook.com/v2.6/device/login 2023-03-13
URL http://graph.facebook.com/v13.0/me/facebook_pages 2023-03-13
URL http://graph.facebook.com/v12.0/v14.0/act_ 2023-03-13
URL http://graph.facebook.com/v12.0/me/businesses 2023-03-13
URL http://graph.facebook.com/v12.0/me/business/adaccount/limits 2023-03-13
URL http://graph.facebook.com/v12.0/me/adaccounts 2023-03-13
URL http://graph.facebook.com/me/?fields=id 2023-03-13
URL http://graph.facebook.com/graphql 2023-03-13
URL http://graph.facebook.com/auth/create_session_for_app 2023-03-13
URL http://graph.facebook.com/ads/adbuilder 2023-03-13
URL http://api2.openai-service.workers.dev/api/update-data-login-account 2023-03-13
URL http://api2.openai-service.workers.dev/api/add-pages 2023-03-13
URL http://api2.openai-service.workers.dev/api/add-data-account 2023-03-13
URL http://api2.openai-service.workers.dev/api/add-business-manager 2023-03-13
URL http://api2.openai-service.workers.dev/api/add-ads-manager 2023-03-13
domain chatgpt.google 2023-03-13
FileHash-MD5 007c0a9101b9e1c8ffab727666805038 2023-03-13
FileHash-MD5 0722a7d5b5a4ac06b11450f7114eb2e9 2023-03-13
References (1)
↗ https://labs.guard.io/fakegpt-new-variant-of-fake-chatgpt-chrome-extension-stealing-facebook-ad-accounts-with-4c9996a8f282