{"id":8297,"date":"2026-01-26T13:32:25","date_gmt":"2026-01-26T19:32:25","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87543"},"modified":"2026-01-26T13:32:25","modified_gmt":"2026-01-26T19:32:25","slug":"some-chatgpt-browser-extensions-are-stealing-your-data","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/01\/26\/some-chatgpt-browser-extensions-are-stealing-your-data\/","title":{"rendered":"Some ChatGPT browser extensions are stealing your data"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>LayerX: Malicious ChatGPT Chrome extensions are stealing account credentials<\/title> <meta name=\"description\" content=\"A threat actor is seeding the internet with AI browser extensions that can intercept a user\u2019s authenticated session tokens and hijack accounts.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/chatgpt-browser-extensions-steal-your-data\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"LayerX: Malicious ChatGPT Chrome extensions are stealing account credentials\"> <meta property=\"og:description\" content=\"Malicious chatGPT \u201cproductivity\u201d Chrome extensions can hijack your session, here's how the token-theft attack works and what to do now.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/chatgpt-browser-extensions-steal-your-data\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" 
content=\"2026-01-26T19:32:25+00:00\"> <meta property=\"article:modified_time\" content=\"2026-01-26T19:32:28+00:00\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:title\" content=\"Some ChatGPT browser extensions are stealing your data\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1765909325g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1767719924g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87543\"><meta name=\"generator\" 
content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87543\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchatgpt-browser-extensions-steal-your-data%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fchatgpt-browser-extensions-steal-your-data%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87543 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/chatgpt-browser-extensions-steal-your-data\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" 
readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.671875\">\n<div class=\"single-article__header-content\" readability=\"34.355329949239\">\n<p> A threat actor is seeding the internet with AI browser extensions that can intercept a user\u2019s authenticated session tokens and hijack accounts. <\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87543\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. 
<\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"480\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data.jpg?resize=640%2C480&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg 4000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg?resize=300,225 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg?resize=768,576 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg?resize=1024,768 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg?resize=1536,1152 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg?resize=2048,1536 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg?resize=600,450 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg?resize=224,168 224w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg?resize=449,337 449w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg?resize=900,675 900w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-2.jpg?resize=1124,843 1124w\" sizes=\"(max-width: 900px) 100vw, 900px\"><figcaption> A threat actor is seeding the internet with AI browser extensions that can intercept a user\u2019s authenticated session tokens and hijack accounts. (Photo by VCG\/VCG via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"40.865671641791\"><body readability=\"83.468646864686\"><\/p>\n<p>ChatGPT users beware: your browser extensions could be used to steal your accounts and identity.<\/p>\n<p>LayerX Research has identified at least 16 Chrome browser extensions for ChatGPT floating around the internet that promise to enhance work productivity. All show signs of being built by the same threat actor and designed for the same purpose: to pilfer account credentials.<\/p>\n<p>According to security researcher Natalie Zargarov, as legitimate AI browser extensions have become more widely used, \u201cmany of these extensions mimic known brands to gain users\u2019 trust, particularly those designed to enhance interaction with large language models.\u201d<\/p>\n<p>\u201cAs these extensions increasingly require deep integration with authenticated web applications, they introduce a materially expanded browser attack surface,\u201d Zargarov <a href=\"https:\/\/layerxsecurity.com\/blog\/how-we-discovered-a-campaign-of-16-malicious-extensions-chatgpt\/\">wrote<\/a>.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>That\u2019s what the threat actor appears to have done in this case. 
The malicious extensions do not deploy malware or attack the model directly; instead, they exploit vulnerabilities in the web-based authentication process used to verify ChatGPT users.<\/p>\n<p>In order to work, many of these tools need access to authenticated AI sessions and high-level execution privileges within the browser itself. That combination of \u201chigh privilege, user trust and rapid adoption\u201d makes them attractive targets for threat actors to compromise.<\/p>\n<p>All but one of the extensions compromised their victims in the same way. A script injected into chatgpt.com monitors outbound requests coming from the ChatGPT web application. When a request goes out containing authorization details and the user\u2019s session token data, the malicious extension exfiltrates the information to a remote server.<\/p>\n<p>With the user\u2019s token in hand, the attackers can use it to authenticate ChatGPT sessions under the victim\u2019s identity and to access chat histories and applications that connect ChatGPT to other sensitive data sources, like Slack and GitHub.<\/p>\n<p>Beyond token theft, the browser extensions also send metadata, usage telemetry and backend-issued access tokens used by the extension service to a third-party server.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The extensions share similar codebases used across different identities, consistent publisher characteristics across multiple listings and \u201chighly similar icons, branding and descriptions.\u201d In addition to their overlapping advertised functionality for enhancing productivity, they also displayed overlapping behaviors, such as batches of extensions uploaded on the same day, synchronized updates to several extensions at once, and shared backend infrastructure and web domains.<\/p>\n<p>According to Zargarov\u2019s blog, all 16 of the malicious extensions remain available on the Chrome Web 
Store today. CyberScoop has reached out to Google, which manages the Chrome browser, for comment.<\/p>\n<p>All told, downloads have been low: about 900 total across the 16 browser extensions LayerX identified. Zargarov notes this is \u201ca drop in the bucket\u201d compared to other major browser extension campaigns like GhostPoster, which was <a href=\"https:\/\/layerxsecurity.com\/blog\/browser-extensions-gone-rogue-the-full-scope-of-the-ghostposter-campaign\/\">downloaded<\/a> more than 830,000 times, and the Roly Poly VPN extension, which <a href=\"https:\/\/layerxsecurity.com\/blog\/rolypoly-vpn-the-malicious-free-vpn-extension-that-keeps-coming-back\/\">had over<\/a> 31,000 documented installations.<\/p>\n<p>But Zargarov said that, given the increasing popularity of AI browser extensions and the evidence that other actors are targeting the same weaknesses, time is not on defenders\u2019 side.<\/p>\n<p>\u201cIt just takes one iteration for a malicious extension to become popular,\u201d Zargarov wrote. \u201cWe believe that GPT optimizers will soon become as popular as (not more than) VPN extensions, which is why we prioritized the publication of this analysis. Our goal is to shut it down BEFORE it hits critical mass.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.3767123287671\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/some-chatgpt-browser-extensions-are-stealing-your-data-1.jpg?w=640&#038;ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. 
Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> 
<\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/chatgpt-browser-extensions-steal-your-data\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>LayerX: Malicious ChatGPT Chrome extensions are stealing account credentials Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1997,235,384,613,5849,1774,78,5850,564,256],"tags":[2000,236,388,618,5851,1777,86,5852,565,262],"class_list":["post-8297","post","type-post","status-publish","format-standard","hentry","category-access-tokens","category-ai","category-artificial-intelligence-ai","category-authentication","category-browser-extensions","category-chrome","category-cybersecurity","category-layerx","category-openai","category-research","tag-access-tokens","tag-ai","tag-artificial-intelligence-ai","tag-authentication","tag-browser-extensions","tag-chrome","tag-cybersecurity","tag-layerx","tag-openai","tag-research"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/access-tokens\/\" rel=\"category tag\">access tokens<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" 
rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/artificial-intelligence-ai\/\" rel=\"category tag\">artificial intelligence (AI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/authentication\/\" rel=\"category tag\">authentication<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/browser-extensions\/\" rel=\"category tag\">browser extensions<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/chrome\/\" rel=\"category tag\">Chrome<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/layerx\/\" rel=\"category tag\">LayerX<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/openai\/\" rel=\"category tag\">OpenAI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a>","tag_info":"Research","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8297","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8297"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8297\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.p
hp\/wp-json\/wp\/v2\/tags?post=8297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}