ChatGPT users are being warned about malicious Chrome browser extensions that have been found stealing authentication tokens. LayerX Research identified at least 16 such extensions, all apparently from the same threat actor and built to take over user accounts and, through those accounts, potentially the users' identities.
The extensions, typically marketed as productivity boosters for AI tools, abuse the authentication flow of popular web applications rather than attacking the applications themselves. Security researcher Natalie Zargarov noted that as legitimate AI browser extensions gain traction, malicious actors are increasingly imitating trusted brands to deceive users.
Malicious Browser Extensions Threaten ChatGPT Accounts
The identified extensions do not drop malware in the traditional sense. Instead, they target the mechanisms that platforms like ChatGPT use to recognise an already signed-in user. Legitimate extensions that integrate with AI tools need access to the user's authenticated session and broad permissions within the browser to do their job, and that same access is exactly what an attacker wants, which makes this category of add-on a natural disguise.
The primary technique is injecting a script into the ChatGPT web page. The script watches the page's outgoing requests for authorization headers and session tokens and, once it has captured them, forwards them to a remote server. Because a valid session token is accepted by the service without a password or MFA prompt, the attacker can impersonate the user for as long as that token remains valid or until it is revoked.
How Attackers Compromise User Sessions
With a stolen session token, an attacker can open the victim's ChatGPT session, read past chat histories, and reach any other applications linked to the account, such as Slack or GitHub. The extensions were also observed sending metadata, usage telemetry, and backend access tokens to third-party servers.
The malicious extensions share striking similarities, including overlapping codebases, publisher characteristics, and branding. Their advertised functionalities for enhancing productivity also overlap significantly, alongside synchronized release and update schedules, and shared backend infrastructure.
According to Zargarov's findings, all 16 identified malicious extensions were still available on the Chrome Web Store at the time of the report. Their combined install count is relatively low, around 900, but the risk is amplified by the growing popularity of AI browser extensions and the potential for later, more widespread campaigns built on the same code.
The threat actor's objective is clear: steal session data by exploiting the trust users place in browser add-ons that integrate with powerful web applications. The attack sidesteps the application's own defences by going after the user's authenticated state in the browser rather than the service itself.
Other high-profile browser extension campaigns, such as GhostPoster and Roly Poly VPN, have reached tens of thousands of installations, which shows how quickly a compromised extension family can grow. Zargarov stressed the urgency of addressing this threat before it reaches that scale, predicting that AI optimizer extensions could soon rival the popularity of VPN extensions.
CyberScoop has reached out to Google for comment on the presence of these extensions on the Chrome Web Store. The case underlines the need for caution when installing browser extensions, especially those that promise extra functionality for popular online services.
The next step will likely be action from Google to remove the identified extensions. In the meantime, users should review their installed extensions and the permissions each one holds, and remove anything they do not recognise or no longer need. Removing an extension does not invalidate tokens it has already exfiltrated, so anyone who finds a suspicious AI helper installed should also sign out of all ChatGPT sessions and rotate any linked-app credentials. The evolving landscape of threats against AI tools underscores the importance of ongoing security research and user education.
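The report describes the attack as a content script injected into the ChatGPT page that watches outgoing requests for authorization data, and it advises users to review the permissions their extensions hold. The following is an added example, written for this article and not LayerX's tooling or code from any of the extensions in the report, of a small triage script that reads an extension's manifest.json and flags the combination of capabilities that attack needs: a content script matched to the AI tool's origin (optionally running in the page's main world, where it can wrap window.fetch), host access covering that origin, and permissions such as webRequest or cookies that expose authenticated traffic. The two sample manifests are constructed for the example; the target host list, rule names and severity weights are assumptions you can tune.

```javascript
// Hosts whose authenticated sessions the report says were targeted.
// Assumption for this example; extend for the AI tools your users rely on.
const TARGET_HOSTS = ["chatgpt.com", "chat.openai.com"];

// Permissions that let an extension read or tamper with authenticated traffic.
const RISKY_PERMISSIONS = {
  webRequest: "can observe request headers (including Authorization) via chrome.webRequest",
  cookies: "can read session cookies for permitted hosts",
  scripting: "can inject scripts into pages at runtime",
  declarativeNetRequest: "can rewrite or redirect requests",
};

// Does a Chrome match pattern (scheme://host/path) cover the given host?
// Handles "<all_urls>", a bare "*" host and "*.domain" wildcards.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)(\/.*)?$/.exec(pattern);
  if (!m) return false;
  const hostPattern = m[2];
  if (hostPattern === "*") return true;
  if (hostPattern.startsWith("*.")) {
    const base = hostPattern.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return hostPattern === host;
}

// Host-access patterns live in host_permissions (MV3) or permissions (MV2).
function hostPatterns(manifest) {
  const fromPerms = (manifest.permissions || []).filter(p => p === "<all_urls>" || p.includes("://"));
  return [...(manifest.host_permissions || []), ...fromPerms];
}

// Triage one parsed manifest.json. Returns findings; an empty list means the
// manifest alone gives no sign the extension can reach a target session.
function triageManifest(manifest) {
  const findings = [];
  const covers = p => TARGET_HOSTS.some(h => patternCoversHost(p, h));

  for (const cs of manifest.content_scripts || []) {
    const hits = (cs.matches || []).filter(covers);
    if (hits.length === 0) continue;
    findings.push({ severity: "high", rule: "content_script_on_target",
      detail: `content script ${JSON.stringify(cs.js || [])} runs on ${hits.join(", ")}` });
    // world:"MAIN" (Chrome 111+) runs the script in the page's own JS context,
    // where it can wrap window.fetch / XMLHttpRequest and read the headers the
    // page sends, which is the capture technique the report describes.
    if (cs.world === "MAIN") {
      findings.push({ severity: "high", rule: "main_world_injection",
        detail: "content script runs in the page's main world" });
    }
  }

  const broad = hostPatterns(manifest).filter(covers);
  if (broad.length) {
    findings.push({ severity: "medium", rule: "host_access_to_target",
      detail: `host permissions ${broad.join(", ")} cover a target origin` });
  }

  for (const p of manifest.permissions || []) {
    if (RISKY_PERMISSIONS[p]) {
      findings.push({ severity: "medium", rule: `permission_${p}`, detail: RISKY_PERMISSIONS[p] });
    }
  }
  return findings;
}

// Roll findings up into one verdict so a list of extensions can be sorted.
function verdict(findings) {
  const high = findings.filter(f => f.severity === "high").length;
  const medium = findings.filter(f => f.severity === "medium").length;
  if (high >= 1 && medium >= 1) return "investigate";
  if (high >= 1 || medium >= 2) return "review";
  return "low";
}

// Constructed sample manifests for the example (not real extensions from the report).
const SAMPLE_SUSPICIOUS = {
  name: "AI Prompt Booster (constructed sample)",
  manifest_version: 3,
  permissions: ["storage", "webRequest", "cookies"],
  host_permissions: ["<all_urls>"],
  content_scripts: [
    { matches: ["*://chatgpt.com/*", "*://chat.openai.com/*"], js: ["inject.js"], world: "MAIN" },
  ],
};
const SAMPLE_BENIGN = {
  name: "Tab Counter (constructed sample)",
  manifest_version: 3,
  permissions: ["storage", "tabs"],
  content_scripts: [{ matches: ["*://example.com/*"], js: ["count.js"] }],
};

function report(manifests) {
  return manifests.map(m => {
    const findings = triageManifest(m);
    return { name: m.name, verdict: verdict(findings), findings };
  });
}

for (const r of report([SAMPLE_SUSPICIOUS, SAMPLE_BENIGN])) {
  console.log(`${r.verdict.toUpperCase().padEnd(11)} ${r.name}`);
  for (const f of r.findings) console.log(`  [${f.severity}] ${f.rule}: ${f.detail}`);
}
```

To run it against a real profile, feed `triageManifest` the parsed `manifest.json` of each installed extension; Chrome keeps them under the profile's `Extensions/<extension id>/<version>/` directory (for example `~/.config/google-chrome/Default/Extensions/` on Linux or `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\` on Windows), and `chrome://extensions` with Developer mode enabled shows each extension's ID. A hit is a reason to look closer, not proof of malice: a genuine ChatGPT helper will also match the content-script rule, which is precisely why the disguise works, so the deciding question is whether the extension also ships code that forwards what it sees to a server you did not consent to.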