Malicious Chrome Extensions Hijack Affiliate Links and Steal ChatGPT Tokens

First reported

30.01.2026 15:42

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Researchers have discovered malicious Google Chrome extensions that hijack affiliate links, steal data, and exfiltrate OpenAI ChatGPT authentication tokens. The extensions, including Amazon Ads Blocker and others, inject developer affiliate tags into e-commerce links, replacing existing affiliate codes. Additionally, a network of extensions targets ChatGPT users, intercepting authentication tokens to gain unauthorized access to accounts. The extensions violate Chrome Web Store policies and exploit user trust to execute malicious activities. The findings highlight the growing threat of malicious browser extensions, which can serve as lucrative attack vectors for adversaries.

Timeline

30.01.2026 15:42 1 articles · 23h ago

Malicious Chrome Extensions Hijack Affiliate Links and Steal ChatGPT Tokens
Researchers have discovered malicious Google Chrome extensions that hijack affiliate links, steal data, and exfiltrate OpenAI ChatGPT authentication tokens. The extensions, including Amazon Ads Blocker and others, inject developer affiliate tags into e-commerce links, replacing existing affiliate codes. Additionally, a network of extensions targets ChatGPT users, intercepting authentication tokens to gain unauthorized access to accounts. The extensions violate Chrome Web Store policies and exploit user trust to execute malicious activities. The findings highlight the growing threat of malicious browser extensions, which can serve as lucrative attack vectors for adversaries.
Show sources

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access — thehackernews.com — 30.01.2026 15:42
Open in new tab

Information Snippets

Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj) blocks ads but primarily injects the developer's affiliate tag (10xprofit-20) into Amazon product links.
First reported: 30.01.2026 15:42

1 source, 1 article
Show sources
- Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access — thehackernews.com — 30.01.2026 15:42
The extension is part of a larger cluster of 29 browser add-ons targeting e-commerce platforms like AliExpress, Amazon, Best Buy, Shein, Shopify, and Walmart.
First reported: 30.01.2026 15:42

1 source, 1 article
Show sources
- Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access — thehackernews.com — 30.01.2026 15:42
The extensions scrape product data and exfiltrate it to "app.10xprofit[.]io".
First reported: 30.01.2026 15:42

1 source, 1 article
Show sources
- Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access — thehackernews.com — 30.01.2026 15:42
Four other extensions with over 100,000 users steal data, including clipboard permissions, cookies, and search terms.
First reported: 30.01.2026 15:42

1 source, 1 article
Show sources
- Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access — thehackernews.com — 30.01.2026 15:42
A network of 16 extensions intercepts and steals ChatGPT authentication tokens, allowing attackers to impersonate users and access their conversation history.
First reported: 30.01.2026 15:42

1 source, 1 article
Show sources
- Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access — thehackernews.com — 30.01.2026 15:42
The Stanley malware-as-a-service toolkit allows criminals to create malicious Chrome extensions that serve phishing pages within an HTML iframe.
First reported: 30.01.2026 15:42

1 source, 1 article
Show sources
- Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access — thehackernews.com — 30.01.2026 15:42