Source: Malwarebytes
Security researchers have discovered 16 malicious browser extensions for Google Chrome and Microsoft Edge that steal ChatGPT session tokens, giving attackers full access to victim accounts including conversation history and metadata.
The Threat
The malicious extensions (15 for Chrome, 1 for Edge) claim to “improve and optimize” ChatGPT but instead siphon users’ session tokens to attacker-controlled backends. All 16 extensions share the same publisher name: “ChatGPT Mods”.
Despite benign descriptions and in some cases a “featured” badge, these extensions are designed to hijack ChatGPT identities by stealing session authentication tokens.
What Attackers Get
With stolen session tokens, attackers gain:
- Full access to the victim’s ChatGPT account
- Complete conversation history
- Account metadata
- Ability to maintain persistent access
The extensions also collect data about themselves (version, language settings), usage patterns, and special keys – allowing attackers to build behavioral profiles of victims over time.
Malicious Extensions to Remove
If you have any of these installed, remove them immediately:
- ChatGPT bulk delete, Chat manager
- ChatGPT export, Markdown, JSON, images
- ChatGPT folder, voice download, prompt manager
- ChatGPT message navigator, history scroller
- ChatGPT Prompt Manager, Folder, Library
- ChatGPT pin chat, bookmark
- ChatGPT prompt optimization
- ChatGPT Token counter
- ChatGPT model switch
- And several more with similar names
The Bigger Picture
This campaign reflects a broader trend of malicious actors targeting AI-powered browser extensions. As adoption of AI productivity tools grows, attackers are increasingly impersonating known brands to gain users’ trust.
Recommendations
- Only install extensions from trusted, verified publishers
- Review extension permissions carefully before installing
- Regularly audit installed extensions
- If compromised, rotate your ChatGPT session by logging out of all devices
- Consider using ChatGPT’s official features rather than third-party extensions
Microsoft and Google have been notified, but already-installed extensions may remain active until manually removed.
