FakeGPT Walkthrough

Your mission is to analyze the "ChatGPT" browser extension, investigate its malicious functionality, and determine the scope of its impact. This includes identifying how sensitive data is being exfiltrated, tracing account compromises, and evaluating the extension's interactions with the browser and network. Your primary goal is to uncover its capabilities, infection pathways, and the extent of its effect on the organization's network, guiding mitigation efforts and future prevention strategies.


Understanding Chrome Extensions

To effectively analyze the extension, it’s important to understand the key components of a Chrome extension and how they may be abused for malicious purposes:

Anatomy of a Chrome Extension

  1. manifest.json: The core configuration file, specifying metadata, permissions, and behavior. Key fields to inspect:
    • Permissions (e.g., access to cookies, tabs, or external URLs).
    • Host permissions defining which domains the extension may interact with (listed under host_permissions in Manifest V3, mixed into permissions as URL patterns in Manifest V2).
    • Content scripts and web-accessible resources indicating injected or shared functionality.
  2. Background Scripts: Scripts that handle events and monitor the browser without a visible page. In Manifest V2 this is a (usually persistent) background page; in Manifest V3 it is a non-persistent service worker. Either way, this is where malicious extensions typically track user activity and send data to remote servers.
  3. Content Scripts: Injected into web pages to interact with the DOM. A common vector for data theft or page manipulation.
  4. Popup Scripts: Handle the extension's user interface, which may conceal malicious actions or mislead users.
  5. Web-Accessible Resources: Files accessible by w
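Before reading any of the extension's scripts, it is worth pulling the five components above straight out of manifest.json and listing what the extension is actually allowed to do. The following Node.js script is an added example for this walkthrough, not code from the FakeGPT extension or from BlueYard Labs. It takes a parsed manifest object, handles both Manifest V2 and V3 layouts, and returns one finding per risky permission, host pattern, background script, content script, and web-accessible resource. The RISKY_PERMISSIONS list and the SAMPLE_MANIFEST at the bottom are constructed for illustration and are not the real extension's manifest.

```javascript
// Added example: static triage of a Chrome extension's manifest.json.
// Illustrative code for the walkthrough; not part of the extension under analysis.

// Assumption: permissions a triager should always look at first. Extend as needed.
const RISKY_PERMISSIONS = new Set([
  "cookies", "tabs", "webRequest", "webRequestBlocking", "scripting",
  "history", "clipboardRead", "management", "debugger", "declarativeNetRequest",
]);

// True for match patterns that put every site in scope.
function isBroadHost(pattern) {
  return pattern === "<all_urls>" ||
    pattern.startsWith("*://*/") ||
    pattern.startsWith("https://*/") ||
    pattern.startsWith("http://*/");
}

// Returns an array of "category:detail" strings describing what the manifest grants.
function triageManifest(manifest) {
  const findings = [];
  const mv = manifest.manifest_version;
  const permissions = manifest.permissions || [];

  // 1. Permissions: flag anything touching cookies, tabs, scripting, or the network.
  for (const p of permissions) {
    if (RISKY_PERMISSIONS.has(p)) findings.push(`permission:${p}`);
  }

  // 2. Host permissions: MV3 uses host_permissions; MV2 mixes URL patterns into permissions.
  const hosts = [
    ...(manifest.host_permissions || []),
    ...permissions.filter(p => p === "<all_urls>" || /^(\*|https?|file|ftp):\/\//.test(p)),
  ];
  for (const h of hosts) {
    findings.push(isBroadHost(h) ? `broad_host:${h}` : `host:${h}`);
  }

  // 3. Background: MV2 background page (persistent unless persistent:false) vs MV3 service worker.
  const bg = manifest.background || {};
  if (mv === 2 && bg.persistent !== false) findings.push("background:persistent");
  if (bg.service_worker) findings.push(`background:service_worker:${bg.service_worker}`);
  for (const s of bg.scripts || []) findings.push(`background:script:${s}`);

  // 4. Content scripts: which files run on which pages, and at what point in page load.
  for (const cs of manifest.content_scripts || []) {
    const broad = (cs.matches || []).some(isBroadHost);
    const files = (cs.js || []).join(",");
    findings.push(`content_script:${files}:${broad ? "all_sites" : "scoped"}:${cs.run_at || "document_idle"}`);
  }

  // 5. Web-accessible resources: MV2 is a flat list of paths, MV3 is [{resources, matches}].
  for (const entry of manifest.web_accessible_resources || []) {
    if (typeof entry === "string") {
      findings.push(`war:${entry}`);
    } else {
      for (const r of entry.resources || []) {
        findings.push(`war:${r}:${(entry.matches || []).join("|")}`);
      }
    }
  }

  return findings;
}

// Convenience wrapper for raw manifest.json text.
function triageManifestJson(text) {
  return triageManifest(JSON.parse(text));
}

// Constructed sample in the shape a data-stealing extension might use (not the real manifest).
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: "ChatGPT",
  version: "1.0.3",
  permissions: ["cookies", "tabs", "storage", "scripting"],
  host_permissions: ["<all_urls>"],
  background: { service_worker: "background.js" },
  content_scripts: [
    { matches: ["https://*.facebook.com/*"], js: ["content.js"], run_at: "document_start" },
  ],
  web_accessible_resources: [{ resources: ["inject.js"], matches: ["<all_urls>"] }],
};

for (const finding of triageManifest(SAMPLE_MANIFEST)) {
  console.log(finding);
}
```

Run against the unpacked extension by reading its manifest.json and passing the text to triageManifestJson. A hit on cookies plus a broad host pattern plus a content script that runs at document_start on a specific site is the combination to chase first: it tells you the extension can read session cookies for any origin and inject into the target site before its own scripts load.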
