Researchers found 16 malicious browser extensions for Google Chrome and Microsoft Edge that steal ChatGPT session tokens and send them to attacker-controlled servers. Distributed under the publisher name ChatGPT Mods and in some cases marked as featured, these extensions grant attackers full access to usersβ ChatGPT accounts, conversation history, and metadata, so installed extensions should be removed immediately. #ChatGPT #ChatGPTMods
Keypoints
- Sixteen malicious extensions (15 for Chrome, 1 for Edge) were discovered stealing ChatGPT session tokens.
- The extensions posed as ChatGPT-enhancing tools and sometimes appeared with a βfeaturedβ badge in web stores.
- Stolen session tokens provide attackers with full access to accounts, including conversation history and metadata.
- Extensions also exfiltrate version, language, usage data, and special service keys, enabling persistent profiling and long-term access.
- Google and Microsoft have been notified, but users must manually remove any installed malicious extensions to stop ongoing access.