{"id":208179,"date":"2026-01-30T08:42:00","date_gmt":"2026-01-30T13:42:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/30\/researchers-uncover-chrome-extensions-abusing-affiliate-links-and-stealing-chatgpt-access\/"},"modified":"2026-01-30T11:05:08","modified_gmt":"2026-01-30T16:05:08","slug":"researchers-uncover-chrome-extensions-abusing-affiliate-links-and-stealing-chatgpt-access","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/30\/researchers-uncover-chrome-extensions-abusing-affiliate-links-and-stealing-chatgpt-access\/","title":{"rendered":"Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/researchers-uncover-chrome-extensions.html\">Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/researchers-uncover-chrome-extensions.html\">https:\/\/thehackernews.com\/2026\/01\/researchers-uncover-chrome-extensions.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-30 08:42:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens.<\/p>\n<p>One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the Chrome Web Store by a publisher named &#8220;10Xprofit&#8221; on January 19, 2026.<\/p>\n<p>&#8220;The extension does block ads as advertised, but its primary function is hidden: it automatically injects the developer&#8217;s affiliate tag (10xprofit-20) into every Amazon product link and replaces existing affiliate codes from content creators,&#8221; Socket security researcher Kush Pandya said.<\/p>\n<p>Further analysis has determined that Amazon Ads Blocker is part of a larger cluster of 29 browser add-ons that target several e-commerce platforms like AliExpress, Amazon, Best Buy, Shein, Shopify, and Walmart. The complete list is as follows &#8211;<\/p>\n<ul>\n<li>AliExpress Invoice Generator (FREE) &#8211; AliInvoice\u2122\ufe0f (10+ Templates) (ID: mabbblhhnmlckjbfppkopnccllieeocp)<\/li>\n<li>AliExpress Price Tracker &#8211; Price History &#038; Alerts (ID: loiofaagnefbonjdjklhacdhfkolcfgi)<\/li>\n<li>AliExpress Quick Currency &#038; Price Converter (ID: mcaglpclodnaiimhicpjemhcinjfnjce)<\/li>\n<li>AliExpress Deals Countdown &#8211; Flash Sale Timer (ID: jmlgkeaofknfmnbpmlmadnfnfajdlehn)<\/li>\n<li>10Xprofit &#8211; Amazon Seller Tools (FBA &#038; FBM) (ID: ahlnchhkedmjbdocaamkbmhppnligmoh)<\/li>\n<li>Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj)<\/li>\n<li>Amazon ASIN Lookup 10xprofit (ID: ljcgnobemekghgobhlplpehijemdgcgo)<\/li>\n<li>Amazon Search Suggestion (ID: dnmfcojgjchpjcmjgpgonmhccibjopnb)<\/li>\n<li>Amazon Product Scraper 10xprofit (ID: mnacfoefejolpobogooghoclppjcgfcm)<\/li>\n<li>Amazon Quick Brand Search (ID: nigamacoibifjohkmepefofohfedblgg)<\/li>\n<li>Amazon Stock Checker 999 (ID: johobikccpnmifjjpephegmfpipfbfme)<\/li>\n<li>Amazon Price History Saver (ID: kppfbknppimnoociaomjcdgkebdmenkh)<\/li>\n<li>Amazon ASIN Copy (ID: aohfjaadlbiifnnajpobdhokecjokhab)<\/li>\n<li>Amazon Keyword Cloud Generator (ID:&#8230;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/researchers-uncover-chrome-extensions.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access https:\/\/thehackernews.com\/2026\/01\/researchers-uncover-chrome-extensions.html Publish Date: 2026-01-30&#8230;<\/p>\n","protected":false},"author":1,"featured_media":208180,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi4xLoFpuzf6DbHF4Fy9WnEv4INmkiXkLiWxb9Pc7eqWDphv3Wcp57B38zLriR2xberjGDP_Xll60j1q8KmqpFTu9yfBIuyWilyHA97sm4-2CD_yqTOJubfYUKDp_-gkGHS-f-tcZYMk4N3sjwNzcy3GomBw-yVigT-MqY3J77PiGLVQyGK8JKHla5vykAd\/s1700-e365\/chrome.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-208179","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208179"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=208179"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208179\/revisions"}],"predecessor-version":[{"id":208181,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208179\/revisions\/208181"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/208180"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=208179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=208179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=208179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}