Researchers have uncovered a significant security threat targeting ChatGPT users through a coordinated campaign involving 16 malicious Chrome extensions. These extensions, designed to appear as legitimate ChatGPT enhancements, are actively stealing user session authentication tokens, granting attackers full access to compromised accounts and conversations. This sophisticated operation highlights the evolving tactics of cybercriminals exploiting the growing popularity of AI-powered browser tools.
The malicious extensions were identified by LayerX Research analysts, who observed that all 16 variants share nearly identical malicious code. This suggests a single, organized threat actor is behind the operation, which has already seen approximately 900 installations across its different versions. The campaign’s success hinges on its ability to trick users into installing the extensions from the official Chrome Web Store by mimicking trusted productivity applications.
Session Token Interception and Account Access
The primary mechanism of these malicious extensions is session token interception. Once installed, the extension injects code into pages where ChatGPT is accessed. That code hooks one of the browser's core APIs, `window.fetch`, which the ChatGPT web app uses to issue its web requests, by replacing it with a wrapper that sees every request before it is sent. This lets the extension monitor all outgoing traffic to ChatGPT's official website and pick out requests that carry authorization headers.
These authorization headers, essentially digital keys verifying a user’s identity to ChatGPT’s servers, are then quietly extracted by the malicious extension. The stolen session tokens are subsequently transmitted to attacker-controlled servers. With these tokens, cybercriminals can impersonate legitimate users, gaining complete access to their ChatGPT accounts. This includes all stored conversations, data, and any connected services such as Google Drive, Slack, and GitHub.
The effectiveness of this method lies in its stealth. By obtaining valid session tokens, attackers bypass the need for traditional password cracking or exploiting software vulnerabilities. This makes the theft difficult for conventional security tools to detect. The stolen tokens provide an attacker with account-level access identical to that of the legitimate user, enabling uninterrupted access to sensitive information and extensive conversational history.
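A page or monitoring script can apply a cheap integrity check to `window.fetch` to see whether it is still the browser's native implementation or has been replaced by a wrapper of the kind described above. The following is an added example written for this article, not code from LayerX or from the extensions; it takes the function to inspect as a parameter so it can be tested outside a browser, and the function names are assumptions.

```javascript
// Heuristic check that a fetch function is the browser's native implementation
// rather than a JavaScript wrapper installed by an extension. In a browser you
// would call describeFetchIntegrity(window.fetch).
const NATIVE_SRC = /^function\s*\w*\s*\(\)\s*\{\s*\[native code\]\s*\}$/;

function describeFetchIntegrity(fn, expectedName = 'fetch') {
  const findings = [];
  if (typeof fn !== 'function') {
    return { tampered: true, findings: ['fetch is not a function'] };
  }
  // Bound functions also print as "[native code]", but their name becomes
  // "bound <name>", so the name check catches fn.bind()-style wrappers.
  if (fn.name !== expectedName) {
    findings.push(`unexpected function name "${fn.name}"`);
  }
  // Call toString via Function.prototype so an overridden fn.toString cannot
  // lie. An attacker who also replaces Function.prototype.toString defeats
  // this, which is why it is a heuristic signal, not a guarantee.
  const src = Function.prototype.toString.call(fn);
  if (!NATIVE_SRC.test(src)) {
    findings.push('source text is not [native code]');
  }
  // Native methods have no own "prototype" property; ordinary function
  // wrappers do (arrow-function wrappers do not, so this is a weak signal).
  if (Object.prototype.hasOwnProperty.call(fn, 'prototype')) {
    findings.push('function has an own prototype property');
  }
  return { tampered: findings.length > 0, findings };
}

// Convenience wrapper for a browser page: audit the global fetch and return
// the result so a monitoring script can report it. In Node, fetch is itself
// implemented in JavaScript (undici), so this reports "tampered" there.
function auditGlobalFetch(scope = globalThis) {
  return describeFetchIntegrity(scope.fetch, 'fetch');
}
```

A stronger browser-only variant compares `window.fetch` against the `fetch` of a freshly created same-origin iframe, which an injected content script rarely patches; the real control remains extension allow-listing and monitoring, since a script that replaces `Function.prototype.toString` can hide from this check.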
Beyond authentication tokens, these malicious extensions also gather additional data, including extension metadata and user behavior telemetry. This information is crucial for attackers to maintain persistent, long-term access to compromised accounts and to identify patterns that could be exploited further. The researchers emphasize that the number of installations could rise rapidly as AI-focused extensions continue to gain mainstream adoption.
The discovery underscores the increasing sophistication of threat actors targeting users of AI platforms. As AI integration into daily workflows becomes more common, the attack surface for such platforms expands. Organizations and individual users are advised to treat AI-integrated browser extensions with extreme caution. Thorough vetting before installation is crucial, and security teams should consider implementing extension monitoring technologies and policies to restrict the use of unverified third-party AI tools that require deep browser integration.
The ongoing trend of AI integration into web services presents both opportunities for enhanced productivity and significant security risks. The continued vigilance of users and the proactive measures by security researchers and browser vendors will be essential in mitigating the impact of such evolving threats. The next steps will likely involve efforts by Google to remove these specific malicious extensions from the Chrome Web Store and ongoing research to identify and neutralize similar campaigns.