The campaign is the latest in a broader trend of threat actors using such exensions to steal data from AI users.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

LayerX Security discovered 16 malicious Chrome extensions disguised as ChatGPT productivity tools that steal user session tokens to hijack accounts. The extensions intercept authentication tokens and send them to remote servers, allowing attackers to access conversation histories and metadata. This campaign, with about 900 downloads, is part of a broader trend of malicious browser extensions targeting AI users, following similar campaigns like GhostPoster that affected over 840,000 users. The extensions share a common codebase and use consistent branding to appear legitimate, highlighting the growing security risk as AI platforms integrate deeper into enterprise workflows.

LayerX Discovers Malicious Chrome Extensions Stealing ChatGPT Accounts

Malicious Optimizers Hidden Among Popular Ones