
Cybersecurity researchers have discovered malicious Google Chrome extensions with the ability to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens.
One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool for browsing Amazon without sponsored content. It was uploaded to the Chrome Web Store on January 19, 2026 by a publisher named “10Xprofit”.
“This extension blocks ads as advertised, but its main functionality is hidden: it automatically inserts the developer’s affiliate tag (10xprofit-20) into all Amazon product links, replacing existing affiliate codes from content creators,” said Kush Pandya, a Socket security researcher.
Further analysis revealed that Amazon Ads Blocker is part of a larger cluster of 29 browser add-ons targeting several e-commerce platforms, including AliExpress, Amazon, Best Buy, Shein, Shopify, and Walmart. Here is the complete list –
AliExpress Invoice Generator (Free) – AliInvoice™️ (10+ Templates) (ID: mabbblhhnmlckjbfppkopnccllieeocp)
AliExpress Price Tracker – Price History and Alerts (ID: loiofaagnefbonjdjklhacdhfkolcfgi)
AliExpress Quick Currency & Price Converter (ID: mcaglclodnaiimhicpjemhcinjfnjce)
AliExpress Countdown – Flash Sale Timer (ID: jmlgkeaofknfmnbpmlmadnfnfajdlehn)
10Xprofit – Amazon Seller Tools (FBA and FBM) (ID: ahlnchhkedmjbdocaamkbmhppnligmoh)
Amazon Ad Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj)
Amazon ASIN Lookup 10xprofit (ID: ljcgnobemekghgobhlplpehijemdgcgo)
Amazon Search Suggestions (ID: dnmfcojgjchpjcmjgpgonmhccibjopnb)
Amazon Product Scraper 10xprofit (ID: mnacfoefejolpobogooghoclppjcgfcm)
Amazon Quick Brand Search (ID: nigamacoibifjohkmepefofohfedblgg)
Amazon Stock Checker 999 (ID: johobikccpnmifjjpephegmfpipfbfme)
Amazon Price History Saver (ID: kppfbknppimnoociaomjcdgkebdmenkh)
Amazon ASIN Copy (ID: aohfjaadlbiifnnajpobdhokecjokhab)
Amazon Keyword Cloud Generator (ID: gfdbbmngalhmegpkejhidhgdpmehlmnd)
Amazon Image Downloader (ID: cpcojeeblggnjjgnpiicndnahfhjdobd)
Amazon Negative Review Hider (ID: hkkkipfcdagiocekjdhobgmlkhejjfoj)
Amazon Listing Score Checker (ID: jaojpdijbaolkhkifpgbjnhfbmckoojh)
Amazon Keyword Density Searcher (ID: ekomkpgkmieaaekmaldmaljljahehkoi)
Amazon Sticky Notes (ID: hkhmodcdjhcidbcncgmnknjppphcpgmh)
Amazon Result Numbering (ID: nipfdfkjnidadibpbflijepbllfkokac)
Amazon Profit Calculator Lite (ID: behckapcoohededfbgjgkgefgkpodeho)
Amazon Weight Converter (ID: dfnannaibdndmkienngjahldiofjbkmj)
Amazon BSR Fast View (ID: nhilffccdbcjcnoopblecppbhalagpaf)
Amazon Word Count and Seller Tools (ID: goikoilmhcgfidolicnbgggdpckdcoam)
Amazon Global Price Checker (ID: mjcgfimemamogfmekphcfdehfkkbmldn)
BestBuy Search by image (ID: nppjmiadmakeigiagilkfffplihgjlec)
SHEIN Search by image (ID: mpgaodghdhmeljgogbeagpbhgdbfofgb)
Shopify Search by Image (ID: gjlbbcimkbncedhofeknicfkhgaocohl)
Walmart Search by Image (ID: mcaihdkeijgfhnlfcdehniplmaapadgb)
While “Amazon Ads Blocker” provides the advertised functionality, it also contains malicious code that scans all Amazon product URL patterns for affiliate tags and replaces them with “10xprofit-20” (“_c3pFXV63” for AliExpress) without requiring user interaction. If no tag is present, the attacker’s tag is added to each URL.
Socket also pointed out that the Chrome Web Store’s extension listing page makes misleading disclosures, claiming that developers earn a “small commission” every time a user makes a purchase using a coupon code.
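One way to confirm the tag swapping described above when reviewing an extension is to capture the same links in a clean browser profile and in a profile with the extension installed, then compare them. The following is an added example, not code from Socket or from the extension; it assumes Amazon links carry the affiliate ID in the "tag" query parameter, and the sample links and the "creator-20" tag are constructed.

```python
from urllib.parse import parse_qs, urlsplit

AFFILIATE_PARAM = "tag"  # assumption: Amazon links carry the affiliate ID in ?tag=

def affiliate_tag(url):
    """Return the affiliate tag carried by a URL, or None if it has none."""
    values = parse_qs(urlsplit(url).query).get(AFFILIATE_PARAM)
    return values[-1] if values else None

def classify(before, after):
    """Compare a link as published (before) with the same link seen with the extension on."""
    old, new = affiliate_tag(before), affiliate_tag(after)
    if old == new:
        return "unchanged"
    if old is None:
        return "injected"   # the link had no tag and one was added
    if new is None:
        return "stripped"
    return "replaced"       # an existing tag was overwritten

def audit(pairs):
    """Count injected and replaced links, grouped by the tag that ends up on them."""
    report = {}
    for before, after in pairs:
        verdict = classify(before, after)
        if verdict in ("injected", "replaced"):
            counts = report.setdefault(affiliate_tag(after), {"injected": 0, "replaced": 0})
            counts[verdict] += 1
    return report

# Constructed sample: hrefs captured from one page in a clean profile (first URL)
# and in a profile with the extension under review installed (second URL).
SAMPLE = [
    ("https://www.amazon.com/dp/B000000001?tag=creator-20",
     "https://www.amazon.com/dp/B000000001?tag=10xprofit-20"),
    ("https://www.amazon.com/dp/B000000002",
     "https://www.amazon.com/dp/B000000002?tag=10xprofit-20"),
    ("https://www.amazon.com/dp/B000000003?tag=creator-20&th=1",
     "https://www.amazon.com/dp/B000000003?tag=creator-20&th=1"),
]

if __name__ == "__main__":
    for tag, counts in audit(SAMPLE).items():
        print(tag, counts)
```

A single tag accounting for every rewritten link, with no user action in between, is the pattern the report describes.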

Affiliate links are widely used across social media and websites. These refer to URLs containing specific IDs that allow tracking of traffic and sales to specific marketers. If a user clicks on this link and purchases a product, the affiliate receives a portion of the sale.
Because the extension searches for and replaces existing tags, social media content creators who share Amazon product links and their own affiliate tags will lose commissions when users who install the add-on click on those links.
This is a violation of Chrome Web Store policies. Extensions that use affiliate links must disclose exactly how the program works, require user action each time a link is inserted, and must never replace existing affiliate codes.
“The disclosure describes coupon and deal extensions that are triggered and published by users. The actual product is an ad blocker with automatic link change functionality,” Pandya explained. “The mismatch between disclosure and enforcement creates false consent.”
“This extension also violates the single-purpose policy because it combines two unrelated features (ad blocking and affiliate injection) that should be separate extensions.”
The identified extensions were also found to scrape product data and send it to “app.10xprofit[.]io,” while the AliExpress-focused ones display fake “limited time sale” countdown timers on product pages to create a false sense of urgency and rush purchases in order to earn commissions on affiliate links.
“Extensions that combine affiliate injection with unrelated functionality (ad blocking, price comparison, coupon search) should be treated as high risk, especially those with disclosures that do not match the behavior of the actual code,” Socket said.
The disclosure comes after Broadcom-owned Symantec flagged four different extensions that have a combined user base of more than 100,000 and are designed to steal data –
Good tab (ID: glckmpfajbjppappjlnhhlofhdhlcgaj), which grants full clipboard permissions to an external domain (“api.office123456[.]com”) to enable remote clipboard reads and writes
Children Protection (ID: giecgobdmgdamgffeoankaipjkdjbfep), which implements the ability to connect to remote servers to collect cookies, inject ads, and execute arbitrary JavaScript
DPS Websafe (ID: bjoddpbfndnpeohkmpbjfhcppkhgobcg), which changes the default search to a managed search to retrieve search terms entered by the user and may route them to a malicious website
Stock Informer (ID: beifiidafjobphnbhbbgmgnndjolfcho), which is exposed to a years-old cross-site scripting (XSS) vulnerability in the Stockdio Historical Chart WordPress plugin (CVE-2020-28707, CVSS score: 6.1) that may allow remote attackers to execute JavaScript code
Researchers Yuanjing Guo and Tommy Dong said: “Browser extensions offer a wide range of useful tools to help you accomplish more online, but you should be very careful when choosing what to install, even if you install from a trusted source.”
Rounding out the list of malicious extensions is another network of 16 add-ons (15 in the Chrome Web Store and 1 in the Microsoft Edge Add-on Marketplace). These add-ons are designed to intercept and steal ChatGPT authentication tokens by injecting content scripts into chatgpt[.]com. According to LayerX, the extensions have been downloaded approximately 900 times in total.
The extensions are considered part of a coordinated campaign because they share duplicated source code, icons, branding, and descriptions. The list is below –

ChatGPT Folder, Audio Download, Prompt Manager, Free Tools – ChatGPT Mods (ID: lmiigijnefpkjcenfbinhdpafehaddag)
ChatGPT Audio Download, TTS Download – ChatGPT Mods (ID: obdobankihdfckkbfnoglefmdgmblcld)
ChatGPT Pin Chat, Bookmark – ChatGPT Mods (ID: kefnabicobeigajdngijnnjmljehknjl)
ChatGPT message navigator, history scroller – ChatGPT Mods (ID: ifjimhnbnbniiiaihphlclkpfikcdkab)
ChatGPT model switching, save advanced model usage – ChatGPT Mods (ID: pfgbcfaiglkcoclichlojeaklcfboieh)
ChatGPT export, markdown, JSON, images – ChatGPT Mods (ID: hljdedgemmmkdalbnmnpoimdedckdkhm)
ChatGPT timestamp display – ChatGPT Mods (ID: afjenpabhpfodjpncbiiahbknnghabdc)
ChatGPT bulk deletion, chat manager – ChatGPT Mods (ID: gbcgjnbccjojicobfimcnfjddhpphaod)
ChatGPT Search history, search for specific messages – ChatGPT Mods (ID: ipjgfhcjeckaibnohigmbcaonfcjepmb)
ChatGPT prompt optimization – ChatGPT Mods (ID: mmjmcfaejolfbenlplfoihnobnggljij)
Collapsed messages – ChatGPT Mods (ID: lechagcebaneoafonkbfkljmbmaaoaec)
Multi-profile management & switching – ChatGPT Mods (ID: nhnfaiiobkpbenbbiblmgncgokeknnno)
Search in ChatGPT – ChatGPT Mods (ID: hpcejjllhbalkcmdikecfngkepppoknd)
ChatGPT Token Counter – ChatGPT Mods (ID: hfdpdgblphooommgcjdnnmhpglleaafj)
ChatGPT Prompt Manager, Folders, Libraries, Auto Sends – ChatGPT Mods (ID: ioaeacncbhpmlkediaagefiegegknglc)
ChatGPT Mods – Free tools like folder audio download (ID: jhohjhmbiakpgedidneeloaoloadlbdj)
As artificial intelligence (AI)-related extensions become increasingly common in enterprise workflows, this development highlights a new attack surface where threat actors can leverage the trust associated with popular AI brands to trick users into installing them.
Because such tools often require a high-level execution context within the browser and access sensitive data, seemingly innocuous extensions can become lucrative attack vectors, allowing attackers to gain persistent access without resorting to exploiting security flaws or other methods that may trigger security alarms.
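For defenders, the extension IDs listed in this article and the content-script injection into chatgpt[.]com can both be checked against what is installed on an endpoint. The sketch below is an added example, not code from LayerX, Socket or Symantec; it assumes Chrome's on-disk layout of <profile>/Extensions/<id>/<version>/manifest.json, and the function names, the watched-host list and the sample manifests are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Amazon Ads Blocker and one ChatGPT Mods ID, copied from this article; extend with the rest.
FLAGGED_IDS = {"pnpchphmplpdimbllknjoiopmfphellj", "lmiigijnefpkjcenfbinhdpafehaddag"}
WATCHED_HOSTS = ("chatgpt.com",)  # hosts where an injected content script needs review

def watched_targets(manifest):
    """Return the watched hosts covered by the manifest's content_scripts match patterns."""
    hits = set()
    for entry in manifest.get("content_scripts", []):
        for pattern in entry.get("matches", []):
            host = pattern.split("://", 1)[-1].split("/", 1)[0]
            for watched in WATCHED_HOSTS:
                wildcard = host.startswith("*.") and (watched == host[2:] or watched.endswith(host[1:]))
                if pattern == "<all_urls>" or host in ("*", watched) or wildcard:
                    hits.add(watched)
    return hits

def audit_profile(extensions_dir):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json; return (id, name, reasons)."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest
        reasons = ["listed-id"] if ext_id in FLAGGED_IDS else []
        reasons += ["content-script:" + host for host in sorted(watched_targets(manifest))]
        if reasons:
            findings.append((ext_id, manifest.get("name", "?"), reasons))
    return findings

def demo():
    # Constructed sample profile; the "a"*32 and "b"*32 IDs are placeholders.
    sample = {
        "pnpchphmplpdimbllknjoiopmfphellj": {"name": "Amazon Ads Blocker"},
        "a" * 32: {"name": "Chat helper", "content_scripts": [{"matches": ["https://chatgpt.com/*"]}]},
        "b" * 32: {"name": "Notes", "content_scripts": [{"matches": ["https://example.org/*"]}]},
    }
    with tempfile.TemporaryDirectory() as root:
        for ext_id, manifest in sample.items():
            version_dir = Path(root, ext_id, "1.0_0")
            version_dir.mkdir(parents=True)
            (version_dir / "manifest.json").write_text(json.dumps(manifest))
        return audit_profile(root)
```

A content-script hit is a prompt for review rather than a verdict, since legitimate extensions also run on chatgpt.com; a listed-ID hit should be treated as an incident.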

“Ownership of such a token gives the same account-level access as the user, including access to conversation history and metadata,” said security researcher Natalie Zargalov. “As a result, an attacker can clone and impersonate a user’s access credentials to ChatGPT and gain access to all of the user’s ChatGPT conversations, data, or code.”
Browsers become lucrative attack vectors
This discovery also coincides with the emergence of a new malware-as-a-service toolkit called Stanley, which sells for between $2,000 and $6,000 on Russian cybercrime forums. This toolkit allows scammers to generate a malicious Chrome browser extension that can be used to serve a phishing page within an HTML iframe element while displaying a legitimate URL in the address bar.
Customers of this tool will have access to a C2 panel to manage victims, configure spoofed redirects, and send fake browser notifications. Those who agree to spend $6,000 will receive a guarantee that extensions created using this kit will pass Google’s review process for the Chrome Web Store.
These extensions masquerade as harmless note-taking utilities to avoid attention. However, their malicious behavior is activated when the user navigates to a website of interest to the attacker, such as a bank. At that point, a full-screen iframe containing the phishing page is overlaid, leaving the browser’s URL bar intact. This visual deception creates a defensive blind spot that can trick even the most cautious users into entering credentials or sensitive information on the page.
As of January 27, 2025, the service appears to have disappeared, perhaps as a result of its public release, but it is very likely that it will reappear under a different name in the future.
“Stanley offers a turnkey website impersonation operation disguised as a Chrome extension, and its premium tier is guaranteed to be published in the Chrome Web Store,” Varonis researcher Daniel Kelley said earlier this week. “BYOD policies, SaaS-first environments, and remote work have made the browser the new endpoint. Attackers have taken notice. Malicious browser extensions are now the primary attack vector.”
