Malicious Chrome Extensions Used for Credential Theft and Website Spoofing
Security researchers reported a surge in malicious Chrome extensions abusing high-privilege browser permissions to steal credentials and hijack authenticated sessions. LayerX identified at least 16 ChatGPT-related extensions that mimic legitimate productivity tools and brands, then inject scripts into chatgpt.com to monitor outbound web requests and exfiltrate authorization details and session tokens to attacker-controlled infrastructure. With stolen tokens, attackers can impersonate victims’ ChatGPT sessions and potentially access connected data sources (e.g., integrations with Slack and GitHub), expanding impact beyond the AI service itself.
Separately, Varonis documented a malware-as-a-service browser-extension toolkit dubbed Stanley being sold on Russian-language cybercrime forums, marketed to enable large-scale credential theft by showing a phishing site while the URL bar continues to display the legitimate domain. The toolkit uses a web-based control panel to configure per-victim "source" (legitimate) and "target" (phishing) URLs, then overlays a full-screen iframe on the real page to spoof the destination site; the seller also claims "guaranteed" placement in the Chrome Web Store, increasing the likelihood of user installation and enterprise exposure. Because the address bar stays truthful, URL inspection and URL-based blocklists offer no defense against this technique; the control point is the extension itself, which argues for enterprise extension inventory and allowlisting rather than user vigilance.
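
As an added example (not code from LayerX, Varonis, or any extension described on this page), the following Node.js script audits Chrome extension manifests for the permission and content-script shapes behind both campaigns: a content script scoped to chatgpt.com that runs in the page's main world or is paired with traffic-reading permissions (the session-token-theft shape), and a content script on every site paired with notifications or tabs access (the overlay-phishing shape). Which permissions count as high-privilege, the scoring rules, and the three sample manifests are this example's own assumptions; the samples are constructed and do not represent any real extension.

```javascript
// Added example: static risk audit of Chrome extension manifests.
// Not code from LayerX, Varonis, or any extension named on this page.
// The permission sets, scoring rules and sample manifests are assumptions.

// Permissions that expose traffic, cookies, page content, other tabs, or
// out-of-tab UI such as notifications (assumed high-risk set).
const HIGH_RISK_PERMISSIONS = new Set([
  "webRequest", "webRequestBlocking", "declarativeNetRequest", "cookies",
  "scripting", "tabs", "notifications", "debugger",
]);
const TRAFFIC_PERMISSIONS = ["webRequest", "webRequestBlocking", "declarativeNetRequest", "cookies"];

// Hosts whose session tokens the campaign targeted. chatgpt.com is named on
// the page; openai.com is an assumed addition.
const SENSITIVE_HOSTS = ["chatgpt.com", "openai.com"];

// True for match patterns that cover every site: "<all_urls>", "*://*/*", "https://*/*".
function isBroadPattern(pattern) {
  return pattern === "<all_urls>" || /^(\*|https?):\/\/\*\/\*$/.test(pattern);
}

// Does a Chrome match pattern such as "*://*.chatgpt.com/*" cover `host`?
// "*.example.com" matches example.com itself and any subdomain, as Chrome does.
function patternCoversHost(pattern, host) {
  if (isBroadPattern(pattern)) return true;
  const m = /^(\*|https?|file|ftp):\/\/([^\/]+)\//.exec(pattern);
  if (!m) return false;
  const hostPart = m[2];
  if (hostPart === "*") return true;
  if (hostPart.startsWith("*.")) {
    const base = hostPart.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return host === hostPart;
}

// Audit one manifest (object or JSON string). Returns the individual findings,
// a coarse risk level, and which of the two campaign shapes it resembles.
function auditManifest(manifest) {
  const m = typeof manifest === "string" ? JSON.parse(manifest) : manifest;
  const perms = new Set([...(m.permissions || []), ...(m.optional_permissions || [])]);
  const hostPerms = m.host_permissions || [];
  const findings = [];

  for (const p of perms) if (HIGH_RISK_PERMISSIONS.has(p)) findings.push(`permission:${p}`);
  const broadHosts = hostPerms.some(isBroadPattern);
  if (broadHosts) findings.push("host_permissions:all-sites");

  // Walk the content scripts: where they run, and whether they run in the
  // page's main world, which is what lets a script hook fetch()/XHR directly.
  // A script scoped specifically to a sensitive host is recorded separately
  // from an all-sites script, which is reported as its own finding.
  let onSensitiveHost = false, onAllSites = false, mainWorld = false;
  for (const cs of m.content_scripts || []) {
    for (const pat of cs.matches || []) {
      if (isBroadPattern(pat)) onAllSites = true;
      else if (SENSITIVE_HOSTS.some((h) => patternCoversHost(pat, h))) onSensitiveHost = true;
    }
    if (cs.world === "MAIN") mainWorld = true;
  }
  if (onAllSites) findings.push("content_scripts:all-sites");
  if (onSensitiveHost) findings.push("content_scripts:sensitive-host");
  if (mainWorld) findings.push("content_scripts:main-world");

  const patterns = [];
  // Token-theft shape: script on the target site plus a way to observe requests
  // (main-world hooking, traffic permissions, or broad host access).
  if (onSensitiveHost && (mainWorld || broadHosts || TRAFFIC_PERMISSIONS.some((p) => perms.has(p)))) {
    patterns.push("session-token-theft");
  }
  // Overlay-phishing shape: script on every site plus notifications or tabs,
  // used to lure or steer the user while the URL bar stays unchanged.
  if (onAllSites && (perms.has("notifications") || perms.has("tabs"))) {
    patterns.push("overlay-phishing");
  }
  const risk = patterns.length ? "high" : findings.length ? "review" : "low";
  return { name: m.name, risk, patterns, findings };
}

// Constructed sample manifests for the demo; none of these is a real extension.
const SAMPLE_MANIFESTS = {
  chatgptThemed: {
    name: "GPT Prompt Helper (constructed sample)",
    manifest_version: 3,
    permissions: ["storage", "cookies"],
    host_permissions: ["<all_urls>"],
    content_scripts: [{ matches: ["*://*.chatgpt.com/*"], js: ["inject.js"], run_at: "document_start", world: "MAIN" }],
  },
  overlayKit: {
    name: "Page Notes (constructed sample)",
    manifest_version: 3,
    permissions: ["notifications", "tabs", "storage"],
    host_permissions: ["<all_urls>"],
    content_scripts: [{ matches: ["<all_urls>"], js: ["overlay.js"] }],
  },
  benign: {
    name: "Dark theme for example.com (constructed sample)",
    manifest_version: 3,
    permissions: ["storage"],
    content_scripts: [{ matches: ["https://example.com/*"], css: ["dark.css"] }],
  },
};

// Audit every manifest in a map and return the results keyed the same way.
function auditAll(manifests = SAMPLE_MANIFESTS) {
  const out = {};
  for (const [key, m] of Object.entries(manifests)) out[key] = auditManifest(m);
  return out;
}

console.table(Object.values(auditAll()).map(({ name, risk, patterns }) => ({ name, risk, patterns: patterns.join(",") })));
```

Run it with node against the built-in samples, or replace SAMPLE_MANIFESTS with manifest.json files pulled from an enterprise extension inventory. A "high" verdict is a prompt for review, not proof of malice: legitimate ChatGPT helpers also run content scripts on chatgpt.com, which is precisely why a Web Store listing alone cannot separate them from the 16 extensions above.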

How this story unfolded
Four events, listed from the most recent confirmed update back to the earliest known activity.
Varonis discloses Stanley phishing-extension toolkit details
Varonis publicly described Stanley as a toolkit for building malicious Chrome extensions that overlay attacker-controlled phishing pages on legitimate sites while the browser continues to show the real URL. The researchers also detailed its web-based control panel, IP-based victim targeting, frequent C2 polling, and abuse of browser notifications.
LayerX uncovers 16 malicious ChatGPT-themed browser extensions
LayerX Research disclosed a coordinated campaign of 16 browser extensions masquerading as ChatGPT productivity tools that steal ChatGPT session tokens. The extensions inject scripts into chatgpt.com, hook outbound requests, and exfiltrate authorization data to attacker-controlled infrastructure; about 900 installations were observed across Chrome and Edge listings.
Varonis reports Stanley activity to Google
After identifying Stanley and its malicious "Notely" browser-extension activity, Varonis reported the campaign to Google. The report said the main command-and-control server was later taken offline, although the extension remained active for some time afterward.
Stanley crimeware toolkit appears on Russian-language forum
Varonis reported that the malware-as-a-service browser attack toolkit "Stanley" first appeared on a Russian-language cybercrime forum on January 12, 2026. It was advertised under the alias "Стэнли" with tiers priced from $2,000 to $6,000, including a premium option claiming Chrome Web Store publication.
Sources
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access (thehackernews.com)
16 Malicious Chrome Extensions as ChatGPT Enhancements Steals ChatGPT Logins (cybersecuritynews.com)
Stanley malware bypasses Chrome Web Store checks, steals credentials (scworld.com)
Researchers find 16 browser extensions stealing ChatGPT session tokens (scworld.com)
'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector (darkreading.com)
LayerX: Malicious ChatGPT Chrome extensions are stealing account credentials (cyberscoop.com)
How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts (layerxsecurity.com)
New Malware Toolkit Sends Users to Malicious Websites While the URL Stays the Same (cybersecuritynews.com)