LayerX: Malicious ChatGPT Chrome extensions are stealing account credentials

LayerX Research discovered at least 16 malicious Chrome extensions impersonating ChatGPT productivity tools that are designed to steal account credentials and session tokens. These extensions inject scripts to capture authorization details and metadata, enabling attackers to access chat histories and connected services like Slack and GitHub. #ChatGPT #ChromeWebStore

Key points

  • LayerX identified 16 Chrome extensions likely created by the same threat actor targeting ChatGPT users.
  • The extensions inject a script into chatgpt.com to monitor outbound requests and extract authorization tokens.
  • Stolen tokens let attackers authenticate as victims, access chat histories, and reach linked services such as Slack and GitHub.
  • The extensions also exfiltrate telemetry, usage metadata, and backend-issued access tokens to third-party servers.
  • All 16 extensions remain on the Chrome Web Store with about 900 total downloads, raising concerns about future adoption.
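
An extension can only inject script into chatgpt.com if its manifest grants it access to that site, so a defender can inventory which installed extensions are able to. The sketch below is an added example, not code from LayerX or from the reported extensions; it assumes Chrome's on-disk layout of `<profile>/Extensions/<id>/<version>/manifest.json`, uses constructed sample manifests, and does not cover access granted on click through `activeTab`. A hit means the extension can reach the page and is worth reviewing, not that it is malicious.

```python
import json
from pathlib import Path

TARGET_HOST = "chatgpt.com"  # site named in the report

def pattern_covers(pattern, host=TARGET_HOST):
    """True if a Chrome match pattern applies to https://<host>/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False  # API permission name ("storage") or non-https scheme
    pat_host = rest.split("/", 1)[0]
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host in ("*", host)

def chatgpt_access(manifest):
    """Manifest keys that let the extension run script on TARGET_HOST."""
    reasons = []
    scripts = manifest.get("content_scripts", [])
    if any(pattern_covers(p) for cs in scripts for p in cs.get("matches", [])):
        reasons.append("content_scripts")
    # MV3 uses host_permissions; MV2 mixes host patterns into permissions.
    for key in ("host_permissions", "optional_host_permissions", "permissions"):
        if any(isinstance(p, str) and pattern_covers(p) for p in manifest.get(key, [])):
            reasons.append(key)
    return reasons

def audit_profile(extensions_dir):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json; return hits."""
    hits = {}
    for mf in Path(extensions_dir).glob("*/*/manifest.json"):
        reasons = chatgpt_access(json.loads(mf.read_text(encoding="utf-8-sig")))
        if reasons:
            hits[f"{mf.parent.parent.name}/{mf.parent.name}"] = reasons
    return hits

# Constructed sample manifests (not taken from the reported extensions).
SAMPLES = {
    "narrow-tool": {"permissions": ["storage"], "host_permissions": ["https://example.org/*"]},
    "chat-helper": {"content_scripts": [{"matches": ["https://chatgpt.com/*"], "js": ["a.js"]}]},
    "broad-tool": {"permissions": ["tabs", "<all_urls>"]},
}

if __name__ == "__main__":
    for name, manifest in SAMPLES.items():
        print(name, chatgpt_access(manifest))
```

Point `audit_profile` at a profile's `Extensions` directory to get a map of `<id>/<version>` to the manifest keys that grant access.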

Read More: https://cyberscoop.com/chatgpt-browser-extensions-steal-your-data/