Cybersecurity researchers have discovered malicious Google Chrome extensions that come with the capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens.
One of the extensions in question is Amazon Ad Blocker (ID: pnpchphmplpdimbllknjoiopmfhallj), which claims to be a tool for browsing Amazon without any sponsored content. It was uploaded to the Chrome Web Store on January 19, 2026, by a publisher named “10Xprofit”.
“The extension blocks ads as advertised, but its primary function is hidden: it automatically injects the developer’s affiliate tag (10xprofit-20) into every Amazon product link and replaces existing affiliate codes from content creators,” said Socket Security researcher Kush Pandya.
Further analysis revealed that Amazon Ad Blocker is part of a larger group of 29 browser add-ons that target multiple e-commerce platforms such as AliExpress, Amazon, Best Buy, Shein, Shopify, and Walmart. The complete list is as follows –
- AliExpress Invoice Generator (Free) – AliInvoice™️ (10+ Templates) (ID: mabbblhhnmlckjbfppkopnccllieeocp)
- AliExpress Price Tracker – Price History & Alerts (ID: loiofaagnefbonjdjklhacdhfkolcfgi)
- AliExpress Instant Currency and Price Converter (ID: mcaglpclodnaiimhicpjemhcinjfnjce)
- AliExpress Deal Countdown – Flash Sale Timer (ID: jmlgkeaofknfmnbpmlmadnfnfajdlehn)
- 10Xprofit – Amazon Seller Tools (FBA & FBM) (ID: ahlnchhkedmjbdocaamkbmhppnligmoh)
- Amazon Ad Blocker (ID: pnpchphmplpdimbllnknjoiopmfphalj)
- Amazon ASIN Lookup 10xprofit (ID: ljcgnobemekghgobhlplpehijemdgcgo)
- Amazon Search Suggestions (ID: dnmfcojgjchpjcmjgpgonmhccibjopnb)
- Amazon Product Scraper 10xprofit (ID: mnacfoefejolpobogooghoclppjcgfcm)
- Amazon Quick Brand Search (ID: nigamakoibifjohkemeppeoffedblog)
- Amazon Stock Checker 999 (ID: johobikccpnmifjjpephagmfpipfbfme)
- Amazon Price History Saver (ID: kppfbknppimnoociaomjcdgkebdmenkh)
- Amazon ASIN Copy (ID: aohfjaadlbiiifnnajpobdhokecjokab)
- Amazon Keyword Cloud Generator (ID: gfdbbmngalhmegpkejhidhgdpmehlmnd)
- Amazon Image Downloader (ID: cpcojeeblggnjjgnpiicndnahfhjdobd)
- Amazon Negative Review Header (ID: hkkkipfcdagiocekjdhobgmlkhijjfoj)
- Amazon Listing Score Checker (ID: jaojpdijbaolkhkifpgbjnhfbmckoojh)
- Amazon Keyword Density Finder (ID: ekomkpgkmieaeekmaldmaljljahehkoi)
- Amazon Sticky Notes (ID: hkhmodcdjhcidbcncgmnknjppphcpgmh)
- Amazon result ranking (ID: nipfdfkjnidadibbbflijepbllfkokac)
- Amazon Profit Calculator Lite (ID: behckapcoohededfbgjgkgefgkpodeho)
- Amazon Weight Converter (ID: dfnannaibdndmkienngjahldiofjbkmj)
- Amazon BSR Fast View (ID: nhilffccdbcjcnoopblecppbhalagpaf)
- Amazon Character Count and Seller Tools (ID: goikoilmhcgfidolicnbgggdpckdcoam)
- Amazon Global Price Checker (ID: mjcgfimemogfmekphcfdehfkkbmldn)
- Search BestBuy by Image (ID: nppjmiadmakeigiagilkfffplihgjlec)
- Shein Search by Image (ID: mpgaodghdhmeljgogbeagpbhgdbfofgb)
- Search Shopify by Image (ID: gjlbcimkbncedhofeknicfkhgaocohl)
- Walmart Search by Image (ID: mcaihdkeijgfhnlfcdehniplmaapadgb)
While “Amazon Ad Blocker” provides the advertised functionality, it also embeds malicious code that, without requiring any user interaction, scans all Amazon product URL patterns for affiliate tags and replaces them with “10xprofit-20” (or “_c3pFXV63” for AliExpress). Where a URL carries no tag, the attacker’s tag is appended to it.
Socket also noted that the extension listing page on the Chrome Web Store makes misleading disclosures, claiming that developers earn a “small commission” whenever a user uses a coupon code to make a purchase.
Affiliate links are widely used on social media and websites. An affiliate link is a URL with a unique ID that lets a particular marketer track traffic and sales. When a user clicks on this link to purchase a product, the affiliate gets a cut of the sale.
Because the extensions search for existing tags and replace them, social media content creators who share Amazon product links with their own affiliate tags lose commission when users who installed the add-on click on those links.
This is a violation of Chrome Web Store policies, as they require extensions that use affiliate links to accurately describe how the program works, require user action before each injection, and never replace existing affiliate code.
“The disclosure describes a coupon/deal extension with user-triggered disclosures. The actual product is an ad blocker with automatic link modification,” Pandya explained. “This mismatch between disclosure and implementation creates false consent.”
“The extension also violates the Single Purpose policy by combining two unrelated functions (ad blocking and affiliate injection) that should be separate extensions.”
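The tag rewriting described above can be checked for when vetting an extension: capture each product link in a clean browser profile and again with the extension installed, then compare the affiliate parameter. The Python below is an added example, not code from Socket or from the extension; the URL pairs are constructed, and only the tag value “10xprofit-20” comes from the article.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Amazon carries the affiliate ID in the `tag` query parameter.
AMAZON_HOST = re.compile(r"(^|\.)amazon\.(com|[a-z]{2}|co\.[a-z]{2}|com\.[a-z]{2})$")
REPORTED_TAGS = {"10xprofit-20"}  # Amazon tag named in the article

def amazon_tag(url):
    """Return the affiliate `tag` value of an Amazon URL, or None if absent."""
    parts = urlsplit(url)
    if not AMAZON_HOST.search((parts.hostname or "").lower()):
        return None
    values = parse_qs(parts.query).get("tag")
    return values[-1] if values else None

def classify(before, after):
    """Compare a link as authored with the same link after the extension ran."""
    old, new = amazon_tag(before), amazon_tag(after)
    if old == new:
        return "unchanged"
    if new is None:
        return "removed"
    return "injected" if old is None else "replaced"

def audit(pairs):
    """Return (verdict, new_tag, matches_reported_tag) for each modified link."""
    findings = []
    for before, after in pairs:
        verdict = classify(before, after)
        if verdict != "unchanged":
            tag = amazon_tag(after)
            findings.append((verdict, tag, tag in REPORTED_TAGS))
    return findings

# Constructed sample: hrefs captured in a clean profile vs. a profile with the
# extension under review installed (hypothetical capture, not real traffic).
SAMPLE = [
    ("https://www.amazon.com/dp/B000000001?tag=creator-20",
     "https://www.amazon.com/dp/B000000001?tag=10xprofit-20"),
    ("https://www.amazon.com/dp/B000000002",
     "https://www.amazon.com/dp/B000000002?tag=10xprofit-20"),
    ("https://www.amazon.co.uk/dp/B000000003?tag=creator-21",
     "https://www.amazon.co.uk/dp/B000000003?tag=creator-21"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A “replaced” verdict corresponds to the overwriting of a creator's existing tag, and “injected” to a tag appended where none existed.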
The identified extensions were also found to scrape product data and transfer it to “app.10xprofit[.]io,” while those focused on AliExpress serve up fake “limited time deal” countdown timers on product pages to create a false sense of urgency and trick people into making purchases, so that the operators can earn commissions on affiliate links.
“Extensions that combine unrelated functionality (ad blocking, price comparison, coupon search) with affiliate injection should be treated as high risk, especially those with disclosures that do not match actual code behavior,” Socket said.
The revelation came after Broadcom-owned Symantec identified four different extensions that have a combined user base of more than 100,000 users and are designed to steal data –
- Nice tab (ID: glckmpfajbjppappjlnhhlofhdhlcgaj), which grants full clipboard permissions to the external domain (“api.office123456[.]com”) to enable remote clipboard-read and clipboard-write permissions
- Child Protection (ID: giecgobdmgdamgffeoankaipjkdjbfep), which implements functionality to collect cookies, inject advertisements, and execute arbitrary JavaScript by contacting remote servers
- DPS WebSafe (ID: bjoddpbfndnpeohkmpbjfhcppkhgobcg), which changes the default search to one under its operators’ control to capture search terms entered by users and potentially route them to malicious websites
- Stock Informer (ID: beifiidafjobphnbhbbgmgnnndjolfcho), which is susceptible to a years-old cross-site scripting (XSS) vulnerability in the Stockdio Historical Chart WordPress plugin (CVE-2020-28707, CVSS score: 6.1), which could allow a remote attacker to execute JavaScript code
Researchers Yuanjing Guo and Tommy Dong said, “Although browser extensions can provide a wide range of useful tools to help us achieve more online, great care needs to be taken when installing them, even when installing from trusted sources.”
Completing the list of malicious extensions is another network of 16 add-ons (15 on the Chrome Web Store and one on the Microsoft Edge Add-on Marketplace) that are designed to intercept and steal ChatGPT authentication tokens by injecting a content script into chatgpt[.]com. Cumulatively, the extensions were downloaded approximately 900 times, according to LayerX.
The extensions are considered part of a coordinated campaign due to overlaps in source code, icons, branding, and descriptions –
- ChatGPT Folder, Voice Download, Prompt Manager, Free Tools – ChatGPT Mods (ID: lmiigijnefpkjcenfbinhdpafehaddag)
- ChatGPT Voice Download, TTS Download – ChatGPT Mods (ID: उड़ड़ण्चीडीफक्कbfnoglefmdgmblcld)
- ChatGPT Pin Chat, Bookmark – ChatGPT Mods (ID: kefnabicobeigajdngijnnjmljehknjl)
- ChatGPT Message Navigator, History Scroller – ChatGPT Mods (ID: ifjimhnbnbniiiiaihphlclkpfikcdkab)
- ChatGPT Model Switch, Save Advanced Model Use – ChatGPT Mods (ID: pfgbcfaiglkcoclichlojeaklcfboieh)
- ChatGPT Export, Markdown, JSON, Images – ChatGPT Mods (ID: hljdedgemmmkdalbnmnpoimdedckdkhm)
- ChatGPT Timestamp Display – ChatGPT Mods (ID: afjenpabhpfodjpncbiiahbknnghabdc)
- ChatGPT Bulk Delete, Chat Manager – ChatGPT Mods (ID: gbcgjnbccjojicobfimcnfjddhpphaod)
- ChatGPT Search History, Find Specific Messages – ChatGPT Mods (ID: ipjgfhcjeckaibnohigmbcaonfcjepmb)
- ChatGPT Prompt Customization – ChatGPT Mods (ID: mmjmcfaejolfbenlplfoihnobnggljij)
- Short Message – ChatGPT Mods (ID: lechagsebaneofonkbfkljmmaoaec)
- Multi-Profile Management and Switching – ChatGPT Mods (ID: nhnfaiiobkpbenbbiblmgncgokeknnno)
- Search with ChatGPT – ChatGPT Mods (ID: hpcejjllhbalkcmdikecfgkepoknd)
- ChatGPT Token Counter – ChatGPT Mods (ID: hfdpdgblphoommgcjdnnmhpglleaafj)
- ChatGPT Prompt Manager, Folder, Library, Auto Send – ChatGPT Mods (ID: ioaeacncbhpmlkediaagefiegegknglc)
- ChatGPT Mods – Folder Voice Download & More Free Tools (ID: jhohjhmbiakpgedidneeloaoloadlbdj)
As artificial intelligence (AI)-related extensions become increasingly common in enterprise workflows, the development highlights an emerging attack surface where threat actors weaponize the trust associated with popular AI brands to trick users into installing them.
Because such tools often require elevated execution context within the browser and have access to sensitive data, seemingly harmless extensions can become an attractive attack vector, allowing adversaries to gain persistent access without needing to exploit security flaws or resort to other methods that trigger security alarms.
“Possession of such a token grants account-level access equivalent to a user’s, including access to conversation history and metadata,” security researcher Natalie Zargarov said. “As a result, attackers can replicate and impersonate users’ access credentials to ChatGPT, allowing them to gain access to all of the user’s ChatGPT conversations, data, or code.”
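An added example (not code from Symantec or LayerX) of triaging installed extensions for the behaviours described above: clipboard and cookie permissions, and content scripts scoped to chatgpt.com. It assumes Chrome's on-disk layout of `<id>/<version>/manifest.json` under a profile's `Extensions` directory; the sample manifests are constructed and the reason labels are this example's own.

```python
import json
import tempfile
from pathlib import Path

# Subset of the extension IDs listed in the article, for illustration.
REPORTED_IDS = {"lmiigijnefpkjcenfbinhdpafehaddag", "glckmpfajbjppappjlnhhlofhdhlcgaj"}

def reasons_for(ext_id, manifest):
    """Return the review reasons for one parsed manifest.json."""
    reasons = {"id-listed-in-article"} if ext_id in REPORTED_IDS else set()
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    if perms & {"clipboardRead", "clipboardWrite"}:
        reasons.add("clipboard-access")
    if "cookies" in perms:
        reasons.add("cookie-access")
    for script in manifest.get("content_scripts", []):
        if any("chatgpt.com" in match for match in script.get("matches", [])):
            reasons.add("content-script-targets-chatgpt")
    return reasons

def triage(extensions_dir):
    """Map extension ID -> reasons, walking <id>/<version>/manifest.json."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parts[-3]
        try:
            found = reasons_for(ext_id, json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError, TypeError):
            found = {"unreadable-manifest"}  # malformed or unexpected structure
        if found:
            report.setdefault(ext_id, set()).update(found)
    return report

def build_sample(root):
    """Write constructed manifests (not real extensions) under root."""
    samples = {
        "lmiigijnefpkjcenfbinhdpafehaddag": {"content_scripts": [{"matches": ["https://chatgpt.com/*"]}]},
        "a" * 32: {"permissions": ["clipboardRead", "storage"]},
        "b" * 32: {"permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root, ext_id, "1.0_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Permission-based reasons mark an extension for manual review rather than prove malice, since many legitimate extensions request the same permissions.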
Browsers become an attractive attack vector
The findings also coincide with the emergence of a new malware-as-a-service toolkit called Stanley, which is being sold for between $2,000 and $6,000 on a Russian cybercrime forum, and which allows crooks to generate malicious Chrome browser extensions that can be used to serve phishing pages within an HTML iframe element while showing legitimate URLs in the address bar.
Customers of the tool gain access to the C2 panel to manage victims, configure fake redirects, and send fake browser notifications. Those willing to spend $6,000 get a guarantee that any extension they create using the kit will pass Google’s vetting process for the Chrome Web Store.
These extensions take the form of harmless note-taking utilities to fly under the radar. But their malicious behavior is activated when the user navigates to a website of interest to the attacker, such as a bank, at which point a full-screen iframe containing the phishing page is overlaid, leaving the browser’s URL bar intact. This visual deception creates a defensive blind spot that can trick even alert users into entering their credentials or sensitive information on the page.
As of January 27, 2025, the service appears to have disappeared – possibly prompted by public disclosure – but it may well resurface under a different name in the future.
“Stanley offers a turnkey website-spoofing operation disguised as a Chrome extension, with its premium tier promising guaranteed publishing on the Chrome Web Store,” Varonis researcher Daniel Kelly said earlier this week. “BYOD policies, SaaS-first environments and remote work have made the browser the new endpoint. Attackers have noticed. Malicious browser extensions are now the primary attack vector.”