This week security researchers have sounded the alarm again on a risk that many users underestimate: browser extensions. What looks like a harmless utility, such as an ad blocker, a productivity tool or an add-on that improves the ChatGPT experience, has in several cases turned out to be a back door used to steal data, manipulate affiliate links and even exfiltrate authentication tokens.
The most striking case is an extension advertised as an ad blocker for Amazon which, besides removing sponsored content, silently rewrote every product link to insert the developer's affiliate tag. Socket published a detailed analysis showing that the extension "Amazon Ads Blocker" (ID: pnpchphmplpdimlknjoiopmfphellj) was published by an actor who goes by "10Xprofit" and injects the affiliate parameter 10xprofit-20 into Amazon pages, replacing or adding its own tags without any user interaction (Socket report).

That extension does not appear to be an isolated case. The same analysis links it to a wider set of dozens of e-commerce-oriented extensions that operate in a similar way, affecting shops such as AliExpress, Best Buy, Shein, Shopify and Walmart. In some of these extensions the injected tags differ, for example strings associated with AliExpress such as _c3pFXV63-, and in other cases the tools add fake "limited offer" countdown timers to pressure the purchase and capture commissions.
This behavior not only diverts revenue from content creators and legitimate affiliates, but also violates the extension store's policies: Google requires that extensions using affiliate links disclose it clearly, require a user action before injecting codes, and do not replace third-party tags. According to the researchers, the detected practice amounts to deceptive consent, because the extension's listing describes a function different from the one it actually performs (Chrome Web Store affiliate policy).
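The link rewriting described above leaves a simple fingerprint: the same affiliate value appears on links where the page itself never placed one, or displaces a tag that was already there. The following detection script is an added example, not code from the article, Socket or the extension; it diffs the hrefs collected from a page loaded without the extension against the same page with the extension active. The sample links are constructed, the ASIN-style paths are placeholders, and the AliExpress parameter names are assumptions; only the Amazon `tag` parameter and the 10xprofit-20 value come from the article.

```python
"""Detect affiliate-tag injection by diffing page links with and without an extension."""
from urllib.parse import urlsplit, parse_qs

# Query parameters that carry affiliate attribution on the storefronts named above.
# Amazon's is "tag"; the AliExpress entries are assumed names for illustration.
AFFILIATE_PARAMS = {
    "amazon.com": ("tag",),
    "aliexpress.com": ("aff_fcid", "aff_trace_key"),  # assumption
}


def affiliate_tag(url):
    """Return (domain, param, value) for a known storefront, with param/value None
    when the link carries no affiliate parameter; None for other hosts."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    for domain, params in AFFILIATE_PARAMS.items():
        if host == domain or host.endswith("." + domain):
            qs = parse_qs(parts.query)
            for p in params:
                if p in qs:
                    return domain, p, qs[p][0]
            return domain, None, None
    return None


def diff_links(baseline, observed):
    """Compare hrefs captured without the extension (baseline) to hrefs captured
    with it active (observed), in the same DOM order. Returns a list of findings."""
    findings = []
    for before, after in zip(baseline, observed):
        a = affiliate_tag(after)
        if a is None or a[2] is None:
            continue  # not a storefront link, or no affiliate parameter present
        b = affiliate_tag(before)
        domain, _, after_val = a
        before_val = b[2] if b else None
        if before_val is None:
            findings.append({"domain": domain, "kind": "added",
                             "tag": after_val, "url": after})
        elif before_val != after_val:
            findings.append({"domain": domain, "kind": "replaced", "was": before_val,
                             "tag": after_val, "url": after})
    return findings


def suspicious_tags(findings, min_links=2):
    """One tag value injected across many links is the hijacking fingerprint."""
    counts = {}
    for f in findings:
        counts[f["tag"]] = counts.get(f["tag"], 0) + 1
    return {tag: n for tag, n in counts.items() if n >= min_links}


# Constructed sample: the same four links as seen without and with the extension.
BASELINE = [
    "https://www.amazon.com/dp/B000000000",
    "https://www.amazon.com/dp/B000000001?tag=creator-site-20",
    "https://www.amazon.com/gp/product/B000000002?ref=x",
    "https://www.example.com/about",
]
OBSERVED = [
    "https://www.amazon.com/dp/B000000000?tag=10xprofit-20",
    "https://www.amazon.com/dp/B000000001?tag=10xprofit-20",
    "https://www.amazon.com/gp/product/B000000002?ref=x&tag=10xprofit-20",
    "https://www.example.com/about",
]

if __name__ == "__main__":
    found = diff_links(BASELINE, OBSERVED)
    for f in found:
        print(f["kind"], f["domain"], f.get("was", "-"), "->", f["tag"])
    print("injected tags:", suspicious_tags(found))
```

Capturing the two href lists is the only browser-side step: the same page's `document.links` read once in a clean profile and once with the extension enabled. The "replaced" finding is the one that matters for the policy point above, since it shows a creator's existing tag being overwritten.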
Beyond affiliate fraud, other research teams have exposed extensions designed to steal more sensitive information. Broadcom-owned Symantec reported extensions that granted dangerous permissions to external domains, collected cookies, injected ads, replaced the search engine with one controlled by the attackers, and even relied on known vulnerabilities to run remote code. Among the threats identified are extensions that request remote access to the clipboard or redirect searches in order to capture the terms entered by users.
In parallel, another family of extensions has exploited trust in artificial intelligence brands to attack ChatGPT users. LayerX researchers described a campaign of some fifteen extensions that inject scripts into chatgpt[.]com in order to capture OpenAI session tokens. These tokens let an attacker act with the same permissions as the victim in the ChatGPT account, including access to conversation histories, inputs and sensitive data shared in the chats (LayerX report).
The tactic is worrying for its simplicity and effectiveness: many of these extensions are presented as utilities that improve the experience with language models (prompt managers, voice downloads, conversation organizers) and ask for permission to run code on OpenAI pages. With that access they can intercept authentication tokens and exfiltrate them to remote servers controlled by the attackers.
This abuse pattern has been amplified by the emergence of commercial malware creation kits: tools that let actors with little expertise generate malicious extensions and manage victims from a control panel, including the ability to deploy phishing pages inside iframes that appear to belong to legitimate sites. Customers of these services even boast of receiving help to get past the publication filters, which increases the risk because it makes it easier for threats to reach the official stores.
The general finding highlighted by the security teams is clear: the browser has become as valuable an endpoint as the operating system itself. Extensions that demand high levels of access become privileged vectors for exfiltrating data or manipulating the web experience without resorting to conventional exploits, which is especially dangerous in work environments that depend on SaaS and cloud tools.
So what can a user or a security officer do to protect themselves? The basic and effective measures start with careful extension management: review permissions before installing, avoid tools that ask for access to all domains or the ability to run scripts anywhere, and be wary of extensions that promise "magic" functions without a verifiable reputation. Google publishes guides and standards for developers and users on the use of affiliate links and the design of extensions; it is worth knowing them in order to recognize non-compliance (Web Store policies).
If you suspect that an extension has compromised your ChatGPT account, the urgent steps are to log out of OpenAI on all devices, rotate the password and enable two-factor authentication. You should also remove the extension, and any other suspicious one, from the browser's extension management page (e.g., How to Remove Extensions in Chrome), clear cookies and locally stored tokens, and review authorized access in connected applications.
No less important is the response from organizations: companies should apply allowlist controls or blocking policies for extensions in corporate environments, and encourage IT teams to centralize the installation and auditing of extensions. When the browser is the gateway to documents, email and cloud services, the risk of a malicious extension is multiplied.
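The permission review and allowlist controls recommended in the three paragraphs above can be made mechanical. The script below is an added example, not code from the article or from Google; it scores an unpacked extension's manifest.json for the permissions the article singles out (cookies, clipboard, script injection, broad host access, content scripts on chatgpt.com or the named storefronts) and turns the reviewed set into a Chrome enterprise policy that blocks every extension except the approved IDs. The two manifests and the 32-character extension IDs are constructed samples; the risk weights and the threshold are our own choices. `ExtensionInstallBlocklist` and `ExtensionInstallAllowlist` are real Chrome policy names.

```python
"""Audit extension manifests for risky permissions and emit a Chrome allowlist policy."""
import json

# Permissions that give an extension the reach described in the article.
# Weights are an assumption chosen for this example, not a Google rating.
RISKY_PERMISSIONS = {
    "cookies": 3, "clipboardRead": 3, "scripting": 2, "webRequest": 2,
    "history": 2, "declarativeNetRequest": 1, "tabs": 1, "webNavigation": 1,
}
BROAD_HOSTS = ("<all_urls>", "*://*/*", "http://*/*", "https://*/*")
# Sites named in the article as targets; content scripts matching them get extra scrutiny.
SENSITIVE_SITES = ("chatgpt.com", "amazon.com", "aliexpress.com")


def host_patterns(manifest):
    """Collect every host match pattern: MV3 host_permissions, MV2-style host
    entries inside permissions, and content_scripts matches."""
    pats = list(manifest.get("host_permissions", []))
    pats += [p for p in manifest.get("permissions", [])
             if "://" in p or p == "<all_urls>"]
    for cs in manifest.get("content_scripts", []):
        pats += cs.get("matches", [])
    return pats


def audit_manifest(manifest):
    """Return a risk score and the reasons behind it for one manifest dict."""
    score, reasons = 0, []
    for p in manifest.get("permissions", []):
        if p in RISKY_PERMISSIONS:
            score += RISKY_PERMISSIONS[p]
            reasons.append(f"permission:{p}")
    for pat in host_patterns(manifest):
        if pat in BROAD_HOSTS:
            score += 3
            reasons.append(f"broad-host:{pat}")
            continue
        for site in SENSITIVE_SITES:
            if site in pat:
                score += 2
                reasons.append(f"sensitive-host:{site}")
    return {"name": manifest.get("name"), "score": score, "reasons": reasons}


def triage(candidates, threshold=5):
    """Split {extension_id: manifest} into approved and rejected ID lists."""
    approved, rejected = [], []
    for ext_id, manifest in candidates.items():
        result = audit_manifest(manifest)
        (rejected if result["score"] >= threshold else approved).append(ext_id)
    return sorted(approved), sorted(rejected)


def build_policy(approved_ids):
    """Chrome enterprise policy: block all extensions, then allow only reviewed IDs."""
    return {"ExtensionInstallBlocklist": ["*"],
            "ExtensionInstallAllowlist": sorted(approved_ids)}


# Constructed samples. IDs are placeholders in the 32-letter Chrome format.
PROMPT_HELPER = {
    "name": "Prompt Helper (constructed sample)",
    "manifest_version": 3,
    "permissions": ["storage", "cookies", "scripting"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://chatgpt.com/*"], "js": ["inject.js"]}],
}
NOTE_TAKER = {
    "name": "Note Taker (constructed sample)",
    "manifest_version": 3,
    "permissions": ["storage"],
    "host_permissions": [],
}
CANDIDATES = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": PROMPT_HELPER,  # placeholder ID
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": NOTE_TAKER,     # placeholder ID
}

if __name__ == "__main__":
    for ext_id, m in CANDIDATES.items():
        print(ext_id, audit_manifest(m))
    approved, rejected = triage(CANDIDATES)
    print(json.dumps(build_policy(approved), indent=2))
```

On Linux the generated JSON is dropped into /etc/opt/chrome/policies/managed/ as a managed policy file; on Windows the same two policy names are set through Group Policy or the registry. Scoring is deliberately coarse: its purpose is to route high-score manifests to a human reviewer who compares the permissions with the functionality the listing claims, which is exactly the mismatch the article describes.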

Finally, it is worth remembering that the threat is not new; it is simply more accessible to attackers. Old vulnerabilities in third-party plugins remain exploitable if an extension leverages them to run code, as with an old flaw in a graphics plugin identified as CVE-2020-28707, which still shows up in attack chains when it is not managed correctly (CVE-2020-28707 details).
In summary: extensions can improve day-to-day work, but they can also become tools for fraud and espionage. Check what you have installed, compare permissions with the real functionality, remove what you don't need and, if you work in an organization, coordinate policies to control what can be added to the browsers in your infrastructure. Attackers keep professionalizing their tools; the best response remains a combination of caution, education and technical controls.
To dig deeper into these incidents, I recommend reading Socket's technical analysis of the affiliate link hijacking (Socket), LayerX's report on the theft of ChatGPT tokens (LayerX) and an article that puts the phenomenon of deceptive extensions and dangerous permissions in context (Security.com).