Malicious ChatGPT Chrome extensions are stealing account credentials
https://cyberscoop.com/chatgpt-browser-extensions-steal-your-data/
Publish Date: 2026-01-26 14:36:00
Source Domain: cyberscoop.com
ChatGPT users beware: your browser extensions could be used to steal your accounts and identity.
LayerX Research has identified at least 16 Chrome browser extensions for ChatGPT floating around the internet that promise to enhance work productivity. All show signs of being built by the same threat actor and designed for the same purpose: to pilfer account credentials.
According to security researcher Natalie Zargarov, as legitimate AI browser extensions have become more widely used, “many of these extensions mimic known brands to gain users’ trust, particularly those designed to enhance interaction with large language models.”
“As these extensions increasingly require deep integration with authenticated web applications, they introduce a materially expanded browser attack surface,” Zargarov wrote.
That’s what the threat actor appears to have done in this case. The malicious extensions do not deploy malware or attack the model directly; instead, they exploit vulnerabilities in the web-based authentication process used to verify ChatGPT users.
In order to work, many of these tools need access to authenticated AI sessions and high-level execution privileges within the browser itself. That combination of “high privilege, user trust and rapid adoption” makes them attractive targets for threat actors to compromise.
All but one of the extensions compromised their victims in the same way. A script injected into chatgpt.com monitors outbound requests coming from the ChatGPT web application. When a request goes out containing authorization details and the user’s session token data, the malicious extension exfiltrates the information to a remote server.
With the user’s token in hand, the attackers can use it to authenticate ChatGPT sessions under the victim’s identity and access chat histories and applications that connect ChatGPT to other sensitive data sources, like Slack and GitHub.
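For defenders, the injection path described above is visible in an extension's manifest. The following is an added example, not code from the article or from LayerX: a Python triage check that lists the ways an extension manifest can reach pages on chatgpt.com, using Chrome's manifest keys (`content_scripts`, `host_permissions`, `permissions`). The two manifests are constructed samples, and because legitimate extensions may hold the same access, the output is an inventory for review.

```python
import json

TARGET_HOST = "chatgpt.com"  # the site named in the article

def pattern_covers_host(pattern, host):
    """Return True if a Chrome match pattern grants access to `host`."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False  # API permission such as "storage", or a non-web scheme
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host

def audit_manifest(manifest, host=TARGET_HOST):
    """List the ways an extension manifest can reach pages on `host`."""
    findings = []
    for script in manifest.get("content_scripts", []):
        if any(pattern_covers_host(m, host) for m in script.get("matches", [])):
            # world "MAIN" runs in the page's own JS context, next to the app
            findings.append("content_script:" + script.get("world", "ISOLATED"))
    # MV3 lists hosts in host_permissions; MV2 mixes them into permissions
    perms = manifest.get("permissions", [])
    grants = manifest.get("host_permissions", []) + perms
    if any(pattern_covers_host(p, host) for p in grants if isinstance(p, str)):
        findings.append("host_access")
        findings += [p for p in ("scripting", "webRequest", "cookies") if p in perms]
    return findings

# Constructed sample manifests, not taken from any real extension.
SUSPECT = json.loads("""{
  "manifest_version": 3, "name": "constructed-ai-helper",
  "permissions": ["storage", "scripting"],
  "host_permissions": ["https://chatgpt.com/*", "https://*/*"],
  "content_scripts": [{"matches": ["https://chatgpt.com/*"],
                       "js": ["inject.js"], "world": "MAIN"}]
}""")
UNRELATED = json.loads("""{
  "manifest_version": 3, "name": "constructed-notes", "permissions": ["storage"],
  "content_scripts": [{"matches": ["https://*.example.org/*"], "js": ["n.js"]}]
}""")
if __name__ == "__main__":
    for m in (SUSPECT, UNRELATED):
        print(m["name"], audit_manifest(m))
```

To review installed extensions, pass `audit_manifest` the parsed `manifest.json` from each extension directory in the browser profile.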
Beyond token theft, the browser…