Malicious Chrome Extensions Steal Affiliate Revenue

Cybersecurity researchers uncovered harmful Chrome extensions. These add-ons hijack affiliate links and steal ChatGPT access. They also grab user data from popular shopping sites.

How Affiliate Hijacking Works

One extension claims to block Amazon ads. It installs easily from the Chrome store. However, it secretly replaces affiliate tags in product links. The attacker’s tag earns them commissions instead.

For example, content creators lose money when users click shared links. The extension scans URLs automatically, so the swap needs no user action. This breaks store rules on fair disclosure.

A Large Cluster of Shopping Extensions

Researchers found 29 similar extensions. They target platforms like Amazon, AliExpress, Shein, and Walmart. Many focus on price tools, image search, or deal timers.

Some add fake urgency with countdown clocks. Others scrape product details quietly. Then, they send the data to attacker servers. Consequently, users face rushed buys and lost privacy.

Store rules require extensions to reveal affiliate use clearly. They need user consent for each change. Moreover, they cannot mix unrelated features like ad blocking and link swaps.

The listed add-ons break these rules. For instance, they hide their true purpose. Therefore, users install them thinking they help shopping. This creates false trust and unfair commissions.

Stealing ChatGPT Authentication Tokens

Another set of 16 extensions targets ChatGPT users. They inject code into the ChatGPT website. This captures login tokens silently. Attackers then access full conversation history.

These tools pose as helpful mods. Examples include prompt managers, voice downloads, and search features. However, they share code and branding. Cumulatively, they gained hundreds of installs.

Why AI Tools Become Risky Targets

AI extensions often need deep browser access. They handle sensitive chats and data. For example, tokens grant account-level control. With a stolen token, attackers can read private conversations or steal code.

This trend grows as AI enters work routines. Threat actors exploit brand trust. Therefore, harmless-looking add-ons turn into serious threats. No software bugs are needed for access.

Separate reports flagged extensions with high user counts. Some grab clipboard data remotely. Others harvest cookies or force fake search engines. One had a known vulnerability for code execution. These add-ons mix ads, protection claims, or stock alerts. However, they contact shady servers. Consequently, they expose users to broader risks like phishing or data leaks.

Emerging Malware Tools for Extensions

A new toolkit lets criminals build malicious extensions. It promises to pass store checks for a high fee. The extensions show fake login pages inside iframes. They keep the real URL visible.

This tricks even careful users. Attackers manage victims through a control panel. For instance, they spoof banks or payment sites. This makes browsers a prime attack spot today.

Prevention Strategies

Users and organizations can reduce these dangers effectively. First, review permissions carefully before installing any extension. Limit those with broad access to sites or data. Moreover, use real-time monitoring to detect unusual network calls or script injections early.

Regularly audit installed add-ons for unexpected behavior. Enable strict browser policies in managed environments. These steps block affiliate hijacks, token theft, and hidden data exfiltration before harm occurs.
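
The permission review and add-on audit described above can be partly automated by reading each extension's manifest.json. The following is an added example, not code from the researchers or from any tool named in this article; the watch lists (broad host patterns, sensitive API names, watched site strings) are assumptions to tune, and the sample manifest is constructed.

```python
import json

# Assumed watch lists for this example; tune them to your environment.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
SENSITIVE_APIS = {"cookies", "clipboardRead", "scripting", "webRequest",
                  "tabs", "debugger", "management"}
WATCHED_SITES = ("chatgpt.com", "amazon.", "aliexpress.", "walmart.", "shein.")


def is_host_pattern(entry):
    """Manifest V2 mixes host match patterns into "permissions"."""
    return entry == "<all_urls>" or "://" in entry


def audit_manifest(manifest):
    """Return a sorted list of findings for one parsed manifest.json."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    hosts = set(manifest.get("host_permissions", []))       # Manifest V3
    hosts |= {p for p in perms if is_host_pattern(p)}        # Manifest V2
    hosts |= set(manifest.get("optional_host_permissions", []))
    injected = set()
    for script in manifest.get("content_scripts", []):
        injected |= set(script.get("matches", []))

    findings = set()
    for pattern in hosts | injected:
        if pattern in BROAD_HOSTS:
            findings.add(f"broad host access: {pattern}")
    for api in SENSITIVE_APIS.intersection(perms):
        findings.add(f"sensitive API: {api}")
    for pattern in injected:
        if any(site in pattern for site in WATCHED_SITES):
            findings.add(f"content script on watched site: {pattern}")
    return sorted(findings)


# Constructed sample: an "ad blocker" whose manifest asks for far more.
SAMPLE = json.loads("""{
  "manifest_version": 3, "name": "Example Ad Blocker (constructed)",
  "permissions": ["storage", "cookies", "scripting"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["https://chatgpt.com/*",
                                    "https://www.amazon.com/*"],
                       "js": ["inject.js"]}]
}""")

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(finding)
```

A finding is a prompt for review, not proof of malice: compare what the manifest requests with what the extension claims to do.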
