A threat actor has created 16 browser extensions to steal users' ChatGPT sessions and published them to the official Chrome and Edge stores, LayerX reports.
Banking on the increased adoption of AI-powered browser extensions that serve users' productivity needs, the threat actor published 15 extensions to the Chrome Web Store and one to the Microsoft Edge Add-ons marketplace.
Marketed as ChatGPT enhancement and productivity tools, the extensions have a combined download count of over 900, and they were still available through the official marketplaces as of January 26, LayerX says.
The tools were designed to intercept users' ChatGPT session authentication tokens and send them to a remote server, but they do not exploit any ChatGPT vulnerability to do so.
Instead, they inject a content script into chatgpt.com and execute it in the MAIN JavaScript world.
The script monitors outbound requests initiated by the web application in order to identify and extract authorization headers, and hands them to a second content script, which exfiltrates them to the remote server.
“This approach allows the extension operator to authenticate to ChatGPT services using the victim's active session and obtain all of the user's chat history and connectors,” LayerX notes.
The cybersecurity company explains that content scripts running in the MAIN JavaScript world allow the attacker to interact directly with the page's native runtime, instead of being confined to the browser's isolated content-script environment.
The analyzed extensions were also seen exfiltrating extension metadata, usage telemetry and event data, and access tokens issued by the backend and used by the extension service.
“This data allows the attacker to further extend access tokens and enables persistent user identification, behavioral profiling, and long-lived access to third-party services,” LayerX says.
Based on the use of a shared codebase, publisher characteristics, and similar icons, branding, and descriptions, the cybersecurity firm believes a single threat actor is behind all 16 extensions.
“By combining MAIN-world execution with authentication token interception, the operators obtained persistent access to user accounts while remaining within the boundaries of normal web behavior. Such techniques are particularly difficult to detect using traditional endpoint or network security tools,” LayerX notes.
Related: ‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing
Related: Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure
Related: Chainlit Vulnerabilities May Leak Sensitive Information
Related: Weaponized Invite Enabled Calendar Data Theft via Google Gemini
