In the last two days, my friend had her CC stolen and Instagram taken over which she accessed from her Mac. Although a rootkit is possible, her browser had three extensions: uBlock Origin, Google Drive, and "WebChatGPT" [1].<p>Looking into WebChatGPT:<p>- It has full access to all sites<p>- Extension was recently sold by owner [2]<p>- Latest release [3] doesn't match any new commits in the open-source repo [4].<p>- The last change in the repo removes the sponsor link for Buy Me a Coffee<p>- Someone opened an issue on the repo calling out spyware [5]<p>What is the best course of action here? Where can we report this? I am going to try to download the extension and follow where the data is sent.<p>* 1 https://tools.zmo.ai/webchatgpt<p>* 2 https://www.buymeacoffee.com/anzorq<p>* 3 https://addons.mozilla.org/en-US/firefox/addon/web-chatgpt/versions/<p>* 4 https://github.com/interstellard/chatgpt-advanced<p>* 5 https://github.com/interstellard/chatgpt-advanced/issues/203
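Added example, not part of the original post and not code from the extension or its repo: one way to check the "full access to all sites" point from an unpacked extension's `manifest.json`. The manifest object is constructed sample data, and the name `auditManifest` and the list of sensitive API permissions are assumptions made for illustration.

```javascript
// Added example: flag broad site access in a WebExtension manifest.json.
// The manifest below is constructed sample data, not WebChatGPT's real manifest.

// Match patterns that grant access to every site.
const BROAD_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
// API permissions worth a second look when combined with broad host access
// (this selection is an assumption, not an official list).
const SENSITIVE_APIS = new Set(["cookies", "webRequest", "history", "tabs", "scripting"]);

function auditManifest(manifest) {
  const findings = [];
  const flagHosts = (patterns, where) => {
    for (const p of patterns || []) {
      if (BROAD_PATTERNS.has(p)) findings.push(`${where}: all-sites pattern ${p}`);
    }
  };
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  flagHosts(manifest.permissions, "permissions");
  flagHosts(manifest.host_permissions, "host_permissions");
  flagHosts(manifest.optional_permissions, "optional_permissions");
  flagHosts(manifest.optional_host_permissions, "optional_host_permissions");
  // Content scripts run inside every page their "matches" patterns cover.
  (manifest.content_scripts || []).forEach((cs, i) =>
    flagHosts(cs.matches, `content_scripts[${i}].matches`));
  for (const p of manifest.permissions || []) {
    if (SENSITIVE_APIS.has(p)) findings.push(`permissions: sensitive API ${p}`);
  }
  return findings;
}

// Constructed sample manifest (hypothetical extension).
const sampleManifest = {
  manifest_version: 3,
  name: "Example Helper",
  version: "1.0.0",
  permissions: ["storage", "cookies"],
  host_permissions: ["<all_urls>"],
  content_scripts: [
    { matches: ["https://www.google.com/search*"], js: ["search.js"] },
    { matches: ["*://*/*"], js: ["all.js"] },
  ],
};

const sampleFindings = auditManifest(sampleManifest);
console.log(sampleFindings.join("\n"));
```

Running the same function against the manifest of each published version shows when a release widened its access, which is useful when a release has no matching commit in the public repo.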
You can add reviews under the Chrome and Firefox extensions to warn other users and then report both extensions (assuming you are confident about your findings).<p>More of a meta comment: this is pretty much why I don't install any extensions in my browser except an ad blocker.<p>You can use this as an opportunity to teach your friend about security so it doesn't happen again.
> What is the best course of action here? Where can we report this?<p>There is a huge button "Report this add-on for abuse" on every single extension page on addons.mozilla.org.
Firefox recently added the capability to remotely disable extensions [1]. Although I was also concerned with the feature when I saw it, I can see how that would be useful in exactly this scenario.<p>* 1 https://news.ycombinator.com/item?id=36602193
There really need to be some extension store changes. The stores as they exist are not sustainable. Just spitballing:<p>- No binary or closed source releases, Google/Mozilla compile from a public source.<p>- More zealous restrictions (which admittedly Google is already heading towards)<p>- Big fat warnings when accessing cookies or secure fields like passwords or CC. If this makes password managers look scary, good, they <i>should</i> look scary.
I looked at it a little bit and didn't find anything super obvious about collecting info, but it does look like it injects ads for their own services into Google search results.