Malicious Chrome extensions masquerade as ChatGPT tools to steal user accounts

LayerX Research has uncovered a coordinated campaign involving malicious Chrome browser extensions posing as ChatGPT enhancement and productivity tools. While advertised as helpful add-ons, the extensions are designed to hijack users’ ChatGPT identities by stealing session authentication tokens. The campaign includes at least 16 distinct extensions linked to the same threat actor that have accumulated roughly 900 downloads.

According to the analysis, the extensions share a common mechanism that hijacks ChatGPT session authentication tokens and sends them to a third-party backend. A content script is injected directly into chatgpt.com and executed in the page’s main JavaScript environment.

The script hooks into the browser’s window.fetch function to monitor outbound requests from the ChatGPT web application. When an authorization header is detected, the ChatGPT session token is extracted and passed to another script, which then sends it to a third-party backend. This token grants attackers account-level access equivalent to that of the victim, including full conversation history, metadata, and connected services.

Beyond session tokens, the extensions also exfiltrate extension metadata, usage telemetry, and backend-issued access tokens. Taken together, this data enables persistent user identification, behavioral profiling, and long-lived access to third-party services such as Google Drive, Slack, and GitHub: it can be used to correlate activity across sessions, infer usage patterns, and maintain access well beyond a single browser interaction.
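The traits described above (a content script that targets chatgpt.com, runs in the page's main JavaScript world, wraps window.fetch, and hands data to a second script that talks to an outside host) are visible to a reviewer in two places: the extension's manifest.json and the page's own window.fetch. The following is an added example, not code from LayerX's report or from any of the extensions it describes. It audits a parsed manifest for those traits and checks whether a fetch function is still the browser's native one. The manifest, the file names inject.js and bridge.js, and the host collector.example.invalid are constructed for illustration; the audit takes the target host as a parameter, so it generalizes to any site an extension should not be injecting into.

```javascript
// Added example (not from the LayerX report or the extensions it covers):
// audit a Chrome extension manifest for the traits the campaign relies on,
// and check a fetch function for signs that it has been wrapped.

const TARGET_HOST = 'chatgpt.com';

// Does a Chrome match pattern such as "*://*.chatgpt.com/*" cover `host`?
function patternCoversHost(pattern, host) {
  if (pattern === '<all_urls>') return true;
  const m = /^(\*|https?|file|ftp):\/\/([^/]+)\//.exec(pattern);
  if (!m) return false;
  const hostPart = m[2];
  if (hostPart === '*') return true;
  if (hostPart.startsWith('*.')) {
    const base = hostPart.slice(2);
    return host === base || host.endsWith('.' + base);
  }
  return hostPart === host;
}

// Audit one parsed manifest.json object; returns human-readable findings.
function auditManifest(manifest, targetHost = TARGET_HOST) {
  const findings = [];

  (manifest.content_scripts || []).forEach((cs, i) => {
    const patterns = cs.matches || [];
    if (!patterns.some(p => patternCoversHost(p, targetHost))) return;
    const files = (cs.js || []).join(', ') || '(no js)';
    findings.push(`content_scripts[${i}] (${files}) runs on ${targetHost}`);
    // MV3 content scripts default to the ISOLATED world. "MAIN" shares the
    // page's own JavaScript environment, which a window.fetch hook requires.
    if (cs.world === 'MAIN') {
      findings.push(`content_scripts[${i}] executes in the page's MAIN world`);
    }
    // document_start runs the script before the page's own scripts, so
    // anything it installs is in place before the page's first request.
    if (cs.run_at === 'document_start') {
      findings.push(`content_scripts[${i}] runs at document_start`);
    }
  });

  const perms = manifest.permissions || [];
  if (perms.includes('scripting')) {
    // chrome.scripting.executeScript can also inject into the MAIN world at
    // runtime, so the manifest alone does not show every injection path.
    findings.push('"scripting" permission: runtime injection possible');
  }

  // Host permissions for origins other than the target are where collected
  // data would be allowed to go; list each one so a reviewer can check it.
  for (const p of manifest.host_permissions || []) {
    if (p === '<all_urls>' || !patternCoversHost(p, targetHost)) {
      findings.push(`host_permissions grants access to ${p}`);
    }
  }
  return findings;
}

// Page-side check, meant to be run in the page's own context (for example
// from DevTools on chatgpt.com as fetchLooksHooked(window.fetch)). A wrapper
// defined in script replaces the browser's native function, and
// Function.prototype.toString reveals that. A wrapper can spoof toString,
// so treat "false" as reliable and "true" as a strong signal, not proof.
function fetchLooksHooked(fetchFn) {
  if (typeof fetchFn !== 'function') return true;
  const src = Function.prototype.toString.call(fetchFn);
  return !/\{\s*\[native code\]\s*\}\s*$/.test(src);
}

// Constructed sample manifest with the shape described in the report:
// one MAIN-world script on the target site and a second script beside it.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: 'ChatGPT Helper (constructed sample)',
  permissions: ['storage', 'scripting'],
  host_permissions: ['*://chatgpt.com/*', 'https://collector.example.invalid/*'],
  content_scripts: [
    { matches: ['*://chatgpt.com/*'], js: ['inject.js'], world: 'MAIN', run_at: 'document_start' },
    { matches: ['*://chatgpt.com/*'], js: ['bridge.js'] },
  ],
};

// Demo run on the constructed sample and on a constructed fetch wrapper.
for (const f of auditManifest(SAMPLE_MANIFEST)) console.log('- ' + f);
const wrappedFetch = (...args) => Array.prototype.map.apply(args, [x => x]);
console.log('native function hooked? ' + fetchLooksHooked(Array.prototype.map));
console.log('wrapper hooked? ' + fetchLooksHooked(wrappedFetch));
```

On the sample manifest the audit reports six findings: both content scripts target chatgpt.com, the first runs in the MAIN world at document_start, the "scripting" permission is present, and one host permission points at an origin unrelated to the target. A benign manifest with an isolated-world script on another site produces none. The fetch check is deliberately conservative: it cannot prove a page is clean, but a native window.fetch plus a clean manifest is what a reviewer expects to see.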

“While these extensions do not exploit vulnerabilities in ChatGPT itself, their design enables session hijacking and covert account access, representing a significant security and privacy risk,” the researchers noted.

