Researchers Find Chrome Extensions Misusing Affiliate Links and Hijacking ChatGPT Access
Recent findings by cybersecurity specialists highlight a troubling trend involving malicious Google Chrome extensions. These extensions are designed to hijack affiliate links, steal sensitive data, and collect OpenAI ChatGPT authentication tokens.
Malicious Chrome Extensions Identified
A primary example of such an extension is the “Amazon Ads Blocker,” introduced on January 19, 2026, by a publisher called “10Xprofit.” While it claims to eliminate sponsored content from Amazon browsing, it primarily serves a more sinister purpose.
Kush Pandya, a security researcher at Socket, stated that the extension injects the developer’s affiliate code, “10xprofit-20,” into all Amazon product links. This action effectively replaces existing affiliate codes used by content creators, robbing them of their rightful commissions.
Broader Context of Malicious Activity
This extension is not an isolated incident. It is part of a network of 29 browser add-ons that target various e-commerce platforms, including:
- AliExpress
- Amazon
- Best Buy
- Shein
- Shopify
- Walmart
The complete list of identified extensions includes:
- AliExpress Invoice Generator (ID: mabbblhhnmlckjbfppkopnccllieeocp)
- AliExpress Price Tracker (ID: loiofaagnefbonjdjklhacdhfkolcfgi)
- Amazon ASIN Lookup 10xprofit (ID: ljcgnobemekghgobhlplpehijemdgcgo)
- Amazon Product Scraper 10xprofit (ID: mnacfoefejolpobogooghoclppjcgfcm)
- Walmart Search By Image (ID: mcaihdkeijgfhnlfcdehniplmaapadgb)
These extensions not only manipulate affiliate links but also scrape product data and send it to an external site, further compromising user safety. Malicious code within these extensions scans for affiliate tags across Amazon links and alters them to benefit the developer.
Violation of Trust and Policies
Such practices breach Google Chrome Web Store’s policies, which mandate transparency regarding affiliate links and require user interaction before modification. The misleading disclosures often misrepresent the true nature of the extensions, creating user consent under false pretenses.
In addition to hijacking affiliate links, researchers identified another set of 16 extensions aimed at stealing ChatGPT authentication tokens. Collectively, these extensions were downloaded approximately 900 times and are suspected of being part of a coordinated campaign.
The Growing Threat of Browser Extensions
The rise of AI-related browser extensions has created new security vulnerabilities. Users often overlook potential risks, trusting the legitimacy of widely-used brands. Consequently, seemingly harmless extensions can facilitate serious breaches, granting attackers access to confidential data and conversations.
Security experts caution against the growing trend of malicious extensions and recommend vigilance when downloading browser tools. As more users rely on these utilities for everyday tasks, maintaining cybersecurity becomes increasingly crucial.
The emergence of new malware-as-a-service toolkits, like one named Stanley, exacerbates this issue. Selling for $2,000 to $6,000, these kits enable the creation of malicious Chrome extensions that can deceive users with phishing pages while masking the real URL.
In conclusion, as attackers continue to exploit browser extensions for malicious purposes, users must exercise caution and skepticism when assessing the tools they choose to install.
