{"id":206736,"date":"2026-01-26T14:36:00","date_gmt":"2026-01-26T19:36:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/26\/malicious-chatgpt-chrome-extensions-are-stealing-account-credentials\/"},"modified":"2026-01-26T14:36:00","modified_gmt":"2026-01-26T19:36:00","slug":"malicious-chatgpt-chrome-extensions-are-stealing-account-credentials","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/26\/malicious-chatgpt-chrome-extensions-are-stealing-account-credentials\/","title":{"rendered":"Malicious ChatGPT Chrome extensions are stealing account credentials"},"content":{"rendered":"<p><a href=\"https:\/\/cyberscoop.com\/chatgpt-browser-extensions-steal-your-data\/\">Malicious ChatGPT Chrome extensions are stealing account credentials<\/a><\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/chatgpt-browser-extensions-steal-your-data\/\">https:\/\/cyberscoop.com\/chatgpt-browser-extensions-steal-your-data\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-26 14:36:00<\/a><\/p>\n<p>Source Domain: <a href=\"cyberscoop.com\">cyberscoop.com<\/a><\/p>\n<p>ChatGPT users beware: your browser extensions could be used to steal your accounts and identity.<\/p>\n<p>LayerX Research has identified at least 16 Chrome browser extensions for ChatGPT floating around the internet that promise to enhance work productivity. All show signs of being built by the same threat actor and designed for the same purpose: to pilfer account credentials.<\/p>\n<p>According to security researcher Natalie Zargarov, as legitimate AI browser extensions have become more widely used, \u201cmany of these extensions mimic known brands to gain users\u2019 trust, particularly those designed to enhance interaction with large language models.\u201d<\/p>\n<p>\u201cAs these extensions increasingly require deep integration with authenticated web applications, they introduce a materially expanded browser attack surface,\u201d Zargarov wrote.<\/p>\n<p>That\u2019s what the threat actor appears to have done in this case. The malicious extensions do not deploy malware or attack the model directly, they instead exploit vulnerabilities in the web-based authentication process used to verify ChatGPT users.<\/p>\n<p>In order to work, many of these tools need access to authenticated AI sessions and high-level execution privileges within the browser itself. That combination of \u201chigh privilege, user trust and rapid adoption\u201d makes them attractive targets to compromise for threat actors.<\/p>\n<p>All but one of the extensions compromised their victims in the same way. A script injected into chatgpt.com monitors outbound requests coming from the ChatGPT web application. When a request goes out containing authorization details and the user\u2019s session token data, the malicious extension extracts the information to a remote server.<\/p>\n<p>With the user\u2019s token in hand, the attackers can use them to authenticate ChatGPT sessions under the victim\u2019s identity, access chat histories and applications that connect ChatGPT to other sensitive data sources, like Slack and GitHub.<\/p>\n<p>Beyond token theft, the browser&#8230;<\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/chatgpt-browser-extensions-steal-your-data\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malicious ChatGPT Chrome extensions are stealing account credentials https:\/\/cyberscoop.com\/chatgpt-browser-extensions-steal-your-data\/ Publish Date: 2026-01-26 14:36:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,31,32,34],"class_list":["post-206736","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-ai","tag-exploit","tag-malware","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206736"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=206736"}],"version-history":[{"count":0,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206736\/revisions"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=206736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=206736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=206736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}