
Coordinated Chrome Extensions Hijack Affiliate Links and Loot ChatGPT Tokens
Security researchers uncovered a coordinated campaign of 29 Chrome extensions that covertly inject affiliate tags into product URLs on major retailers (Amazon, AliExpress, Best Buy, Shein, Shopify, Walmart), siphoning commissions and scraping data. A separate set of 16 extensions targets ChatGPT by injecting scripts into chatgpt.com to steal authentication tokens, which enables access to user conversations and data. The findings also reference a malware-as-a-service kit called Stanley that could help attackers generate extensions capable of bypassing Google’s vetting, highlighting the growing risk of malicious browser extensions as an attack surface.
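
An added example, not taken from the research described above: a Python audit that reads Chrome extension manifests and reports which ones can reach chatgpt.com or the named retailers, and whether that reach comes from host permissions or injected content scripts. The retailer domains, the sample manifests and the function names are assumptions made for this illustration; a hit shows exposure to review, not proof of malice.

```python
# chatgpt.com is named in the article; retailer domains are assumed from the brand names.
WATCHED = ["chatgpt.com", "amazon.com", "aliexpress.com", "bestbuy.com",
           "shein.com", "shopify.com", "walmart.com"]

def pattern_host(pattern):
    """Host part of a Chrome match pattern; None for API names such as "storage"."""
    if pattern == "<all_urls>":
        return "*"
    scheme, sep, rest = pattern.partition("://")
    ok = sep and scheme in ("*", "http", "https")
    return rest.split("/", 1)[0].lower() if ok else None

def host_covered(pattern, host):
    """True if the pattern grants access to `host` or one of its subdomains."""
    ph = pattern_host(pattern)
    if ph in (None, "*"):
        return ph == "*"
    wildcard = ph.startswith("*.")
    base = ph[2:] if wildcard else ph
    return (base == host or base.endswith("." + host)
            or (wildcard and host.endswith("." + base)))

def audit_manifest(manifest):
    """Map each watched host to how the manifest reaches it (MV2 keeps hosts in "permissions")."""
    keys = ("host_permissions", "optional_host_permissions", "permissions")
    grants = {
        "host_permission": [p for k in keys for p in manifest.get(k, [])],
        "content_script": [m for cs in manifest.get("content_scripts", [])
                           for m in cs.get("matches", [])],
    }
    findings = {}
    for how, patterns in grants.items():
        for pattern in patterns:
            for host in WATCHED:
                if isinstance(pattern, str) and host_covered(pattern, host):
                    findings.setdefault(host, set()).add(how)
    return findings

# Constructed sample manifests (not real extensions).
SAMPLES = {
    "coupon-helper": {"host_permissions": ["<all_urls>"], "content_scripts": [
        {"matches": ["*://*.amazon.com/*", "https://www.walmart.com/*"]}]},
    "chat-exporter": {"content_scripts": [{"matches": ["https://chatgpt.com/*"]}]},
    "dark-mode": {"permissions": ["storage", "https://example.org/*"]},
}

if __name__ == "__main__":
    for name, m in SAMPLES.items():
        print(name, {h: sorted(w) for h, w in audit_manifest(m).items()})
```

To audit a real browser profile, parse each installed extension's manifest.json with `json.load` and pass the result to `audit_manifest`.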