Find notable cyber news and cases, enriched with sources, timelines, and signals.

ChatGPT Mods token-stealing browser-extension campaign

Campaign
First reported
Last updated
Happening score
H score 45
1 unique sources, 1 articles

Summary

Hide ▲

The ChatGPT Mods campaign used 16 browser extensions to inject a content script into chatgpt[.]com, stealing authentication tokens that could let operators impersonate users. The extensions were spread across the Chrome Web Store and Microsoft Edge Add-ons, reaching about 900 downloads before discovery. Their shared code, branding, and descriptions indicate a coordinated operation rather than isolated add-ons.

Related Happenings

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

StegoAd malicious Edge extension operation

Malware Activity
H score19 First: 29.06.2026 11:32 Last: 29.06.2026 11:32 Sources 1

About this happening: The **StegoAd** operation was removed from the **Edge Add-ons store** after hiding payloads in images and fonts, stealing credentials, and driving **ad fraud** across installs tha...

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

Commercial adware and traffic-attribution-fraud affiliate operation using Chrome extensions

Threat Actor Meta
H score20 First: 15.06.2026 14:07 Last: 15.06.2026 14:07 Sources 1

About this happening: Researchers found a **commercial adware** and **traffic-attribution-fraud affiliate operation** abusing **Chrome extensions** to fabricate traffic signals and monetize installs, i...

Chrome extension PUP distribution network with fake organic traffic

Malware Activity
H score18 First: 15.06.2026 14:07 Last: 15.06.2026 14:07 Sources 1

About this happening: A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...

Timeline

  1. 30.01.2026 15:42 2 articles · 5mo ago

    ChatGPT Mods browser extensions steal ChatGPT authentication tokens

    Campaign Scope Update

    A coordinated cluster of 16 browser extensions distributed through the Chrome Web Store and one Microsoft Edge Add-ons listing was identified as injecting a content script into chatgpt[.]com to steal OpenAI ChatGPT authentication tokens, enabling account-level impersonation and access to conversations, metadata, and code. The add-ons shared source code, icons, branding, and descriptions, and the campaign was downloaded about 900 times before discovery.

    Show sources