Researchers Uncover Malicious Chrome Extensions Impacting Millions

Cybersecurity experts have uncovered malicious Google Chrome add-ons capable of stealing affiliate links, data, and OpenAI ChatGPT login information. One such add-on, "Amazon Ads Blocker," claims to block ads on Amazon but secretly replaces affiliate codes with the developer's own, violating Chrome Web Store policies. This add-on is part of a group targeting major online retailers and misleading users about its functionality.

Additionally, a separate group of 16 add-ons has been identified for stealing ChatGPT login credentials by injecting code into chatgpt[.]com. These add-ons, part of a coordinated campaign, exploit the trust in popular AI brands to gain unauthorized access to sensitive data.

The discovery coincides with the emergence of a malware-as-a-service toolkit named Stanley, sold on a Russian cybercrime forum. This toolkit enables the creation of malicious Chrome add-ons that can display fake login pages while maintaining the real URL in the address bar, deceiving users into entering sensitive information.

These findings highlight the growing threat of malicious browser add-ons, which exploit the browser's role as a critical endpoint in modern digital environments. As attackers increasingly target browsers, users are advised to exercise caution when installing add-ons, even from seemingly reputable sources.

Stay secure — stay Wavasec. 🔐