Or Eshed

You're listening to the Cyberwire Network, powered by N2K.

Dave Bittner

If you're defending a network today, there's a simple question worth asking. What does the attacker see when they look at your organization? Nord Stellar helps answer that Nord Stellar is a threat exposure management platform that gives security teams visibility into external risks, including leaked credentials, active SE tokens, impersonation attempts, and exposed assets across the surface web and the dark web. It's built to help organizations detect the consequences of breaches early, before attackers turn access into action. From monitoring for info stealer malware logs to identifying cybersquatting and brand abuse, Nord Stellar helps teams focus on the threats that actually matter. Executives get clear, actionable insights tied to business risk. Security teams get real time alerts and one of the largest deep and dark web intelligence pools in the industry. Cybercriminals may already be looking for your weak spots. Don't make it easy for them. Be the one that's prepared. Defend your business with Nordstellar. Use the code CYBERWIRE10 to unlock your exclusive discount. Go to nordstellar.com cyberwire daily and learn more. Hello everyone and welcome to the Cyberwires Research Saturday. I'm Dave Bittner and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities, solving some of the hard problems, and protecting ourselves in a rapidly evolving cyberspace. Thanks for joining us.

Or Eshed

I think what was interesting here is the scope and motivation of the attacker behind this, which is a very well coordinated and orchestrated campaign, that's all. Its purpose is actually to steal ChatGPT accounts.

Dave Bittner

That's or eSHED co founder and CEO at LayerX Security. The research we're discussing is titled how we Discovered a campaign of 16 malicious extensions built to steal ChatGPT accounts.

Or Eshed

Within Larix. We're a browser security company. We have millions of browsers to be secure, but also a collaboration with Google. So actually we're one of the sandboxes Google is using. So I have a pretty good database, probably the largest in the world. One of the things that we do on our database is conducting threat hunt campaigns, so we're taking ttps or do attribution. So basically there are all kinds of extensions out there. Malicious extensions are not behaving the same way malware works, so there are different ways to analyze them. We've built our own platform for that. We call it the Larix Malware Lab, in which we find clusters of extensions that seem similar to one another. Within that scope, we've detected a first malicious extension within this campaign. Afterwards, the Attribution is happening automatically. What's interesting was to see a very coordinated campaign that's aimed at stealing ChatGPT accounts. So unlike other methods to discover, we are trying to get things when the blast radius is relatively low. So upon an extension infancy, what it means is once we detect some sort of a mechanism that the malicious extension is using, since we have visibility into the entire marketplace through Google, we can catch extensions as they come to the marketplace and not once they infect the user browser. So you basically have to get to the marketplace then to do the infection. I think what was interesting here is the scope and motivation of the attacker behind this, which is a very well coordinated and orchestrated campaign, that's all. Its purpose is actually to steal ChatGPT accounts.

Dave Bittner

Well, I mean, let's start off there at a high level. What was it that these extensions claim to do and what were they actually doing instead?

Or Eshed

So they claim to be productivity tools for AI, and that makes sense because of a they want to make sure that they hit users with extensive ChatGPT usage. Secondly, they inject a lot of code into ChatGPT. So that also provides evasion within the ChatGPT, within the marketplace sandboxing capability. So you just want to make sure that the fact that they inject a ton of code to ChatGPT goes across as genuine, credible, and it's not really clear what was the benefit, but they managed to get significant distribution. Once they are there, they are stealing tokens used for authentication. So they claim to be something that used to export data or images, providing timestamp displays, all kinds of very basic functionalities you don't actually need an extension for. But eventually they do advertise themselves as something that automate them. And behind the scenes, stealing tokens used for authentication to ChatGPT.

Dave Bittner

How did you realize that this wasn't just a single bad extension, but that this was actually a coordinated campaign?

Or Eshed

Actually, that's the easiest part. The hard part is catching the first one. Once you catch the first one, the next ones to follow are pretty easy. We look at a couple of things. We look at code behavior and code repeatability. Think about yourself. What's the most expensive thing you have in the world is time. Once you've developed something that works, you try to replicate that, you try to automate it. Basically they were copying and pasting their own code into a bunch of different extensions. Aside from that, they use the same visuals, the same favicons on the extension and even the same domain to register them. So there were a couple of connections between all those extensions on the ownership level, on the visual level, and on the code level, which is really smoking gun, and all of them are attributed to the same attacker.

Dave Bittner

Well, let's go through this together. What actually happens when someone installs one of these extensions? What does it do inside the browser?

Or Eshed

So an extension has visibility to a lot of things that happen within the context of a web session. So for anyone that's hearing, once you go into ChatGPT, you already signed in. How does ChatGPT knows it's you and it's not? Let's say, Dave, at the same time, the ChatGPT app is doing that based on a cookie stored in your browser or some sort of a token that's being cached in the browser memory space. All of those items are visible to any extension. So any extension with visibility to the ChatGPT domain is able to see those data types. So the extension is basically copying all the different attributes that are used by ChatGPT to recognize the user, the cookie, the tokens used by the browser, the screen resolution, and even the browser version. Everything to create basically a replica and identical twin of that browser owned by the attacker. So the attacker can just log in into their app. Actually, the attacker doesn't have to log in because they are instantly validated by ChatGPT. They don't even have to log in, they just go in and then they can just steal conversation history and fetch data.

Dave Bittner

So as far as ChatGPT is concerned, it thinks that it is the user of the stolen token.

Or Eshed

It just mimics everything of the victim in a way that the attacker owns and the attacker can just sign in visibility and access to everything owned by the user.

Dave Bittner

Well, help me understand here, because my understanding is this doesn't exploit a vulnerability in ChatGPT itself. It's this token vulnerability. Why does that make this harder to detect?

Or Eshed

If you ever seen some sort of a 90s action movie in which the thieves create some sort of a replica of a house key. It's pretty much the same thing. They just create a replica of the key that you use. They get in identifying as you, and then they can steal any data you uploaded. In reality, it can be done on any site. What the attacker has to do is really know ChatGPT and where ChatGPT hides its secrets. That's not really hard to do. And from that point on, it's becoming a very easy task. Actually, the complex part is getting the infections. An extension has visibility into everything identity related within the browser.

Dave Bittner

So my understanding is that right now the Download numbers for these are relatively small. Can you give us a sense of the scale of this problem?

Or Eshed

Well, that's a good question. The way Larix works, we don't wait for large distribution to do the takedown. We try to do the takedown as early as possible. So this campaign was blocked in relatively low numbers, but with high motivation. I said that historically campaigns of that sort managed to get to thousands or tens of thousands of infections per extension. What attackers typically do, they use a rogue advertisements to get installations and all kinds of evasion techniques. So sometimes they will actually add some sort of a legitimate functionality to the extension or they will buy an extension on the marketplace that already has infections. Interestingly, an extension owner has visibility into who owns the browser. So once I install an extension, let's say I'm using an extension using my work device. My work device is creating some sort of flag into my browser that says that this browser is managed and is attributed to a domain owned by my business. So actually an extension owner can see who is owning the extension and actually understand whether this is data that's owned by a consumer and then it's really hard to monetize on that or whether it's owned by a business and then they can actually do some sort of a ransomware or something else. I'd say that the holy grail from an attacker standpoint, or I'd say the knockout will be companies that actually have a ChatGPT corporate account. So they have some sort of an on prem or internal ChatGPT and by getting access to one account they can actually steal the data of all the organization if that makes sense. Creating some sort of an intrusion that's a game changer for the attacker. Foreign.

Dave Bittner

We'll be right back. AI is changing how enterprises operate and how they stay protected. It's time to eliminate risk and protect innovation. From March 23rd through the 26th, join Trend AI for actionable AI security insights. Catch impactful sessions at RSAC, then unwind and grab a bite at their lounge in Troposweno. Experience industry leading AI security in person. Engage with the experts and get your chance to win $500,000. San Francisco lets AI fearlessly. Learn more@trendmicro.com RSA. When cyber threats strike, minutes matter. Booz Allen brings the same battle tested expertise trusted to protect national security to defend today's leading global organizations. They safeguard their data, strengthen enterprise resilience and mobilize in minutes across energy, healthcare, financial services and manufacturing. Their teams don't just respond, they anticipate Outthink and stay ahead of evolving threats. This is powerful protection for commercial leaders only. From Booz Allen See how your organization can Prepare today@boozallen.com Commercial. What are your recommendations then? I mean, when we're talking about browser extensions, how can organizations vet them to make sure that they're not going to have these sorts of problems?

Or Eshed

I'll use the cliche and say it starts with visibility. If you don't know what exists in your environment, which browsers are there, which extensions they have, you're probably in a bad spot. It's one of the most effective attack techniques a couple of years ago, according to Mandia. The third reason in terms of scope for account takeovers and intrusions on the identity level, it's also a very low hanging fruit for an attacker. So we need to have visibility, but the visibility has to be continuous because attackers are changing extensions on on the flight. An extension can be born benign and become malicious over a while. So I'll call it the Shawshank Redemption process of taking it's kind of like digging a tunnel. Day by day the attacker is building an extension, adding a little bit of malicious code daily until they get to a good enough distribution and then they monetize. So they're really aware of the limitations of allow this block list approach. Eventually you need to know which browsers you have, which extensions are there, and also to understand which identities are exposed to them. So not all identities are at the same risk. I said that the low hanging fruits is understand how users will use browsers in the organization. Users are able actually to import via agentless sign in their personal browser setting into the work device, including all the extensions they have. So you can actually import a bunch of malware instantly into your work device. I think once you understand that and you have a basic inventory, you define what's reasonable use, what's not reasonable use, you can get to a pretty sweet balance between risk and productivity. I think one of the challenges is that historically who used browser extensions. So historically the browser extensions that were really corporate legit were ad blockers, password managers, Grammarly, things of that sort. But today you have like a million AI extensions out there and every user says they must use them and it's really becoming a headache for for IT teams to approve or vet extensions over time. I think visibility, context, continuous risk analysis can get you to blocking something that's probably more common in your environment than actual traditional malware.

Dave Bittner

Are we looking at behavioral detections here of trying to keep an eye on what these extensions are trying to do.

Or Eshed

So you can't actually do that without being deployed in the browser, unfortunately. But to the very, very least, to the very least understanding what's there. So I'll give you a point. So let's say I am as a CEO, I have the Salesforce extension on my browser. Do you know how many extensions on the Chrome Marketplace are Salesforce something? They have Salesforce in their name, hundreds. And ChatGPT extensions, thousands. So no one really says what's a real one, what's not a real one. You need to actually check that. Is this a real Salesforce, is this a real ChatGPT extension? Those are very, very basic hygiene things you need to do on your environment. So you need to have visibility into everything about those extensions and be able to block them based on risk, context, reasonable usage, things of that sort.

Dave Bittner

Yeah, it seems like an uphill battle here. As you say, the numbers are not in the defender's favor, it seems to me.

Or Eshed

Well, unfortunately it is. But it's a brave new world. Eventually the traditional operating system is, is not as interesting as it used to be, even though we're going back to a device centric world. But what's really interesting is what's happening on top of the device. AI, applications, browsers, IDs. This is where employees spend most of their time. Historically. I remember myself as a junior security analyst with more hair on my head. And everything was around files, this is a good file, this is a bad file, this is data rich files, this, whatever. And now everything is applicative, everything is dynamic. Basically extension is agentless. In order to understand what it is, you need more context and you need to really change the way you think about security, that actually agentless is more powerful and more risky to your organization. It's actually this agentless malware.

Dave Bittner

So how do you recommend that security professionals strike that balance? I mean, we can, we can see that some of these extensions have utility and they do help people do their jobs better. And yet we have this risk here,

Or Eshed

assuming that the question is how to do it. Avoiding to buy a tool on the browser level, the DIY method would be to restrict which browsers are approved in your organization. And then you need visibility into the different plugins. Chrome, Edge and soon Firefox have enterprise flavors, so they have management capabilities. Other browsers don't have management capabilities. You need to build it yourself using MDM or some sort of a security tool that you may have to buy. Once you do that, you need routinely at least once a week to audit all the different extensions understand what's happening with your permissions code, sandbox them and to apply risk based classification. Eventually in real life the road bump you'll hit will be that not every extension will say hey I'm malware. It will say something like Amazon coupon code and then the security architect would not want to get in face to face battle with some sort of an employee whether they should or shouldn't have that. So understanding what's reasonable usage on your environment, on your devices fleet, that's key because if you decide that you don't waste time on things that are not work related, just avoid having all this, that other stuff, all that crap. And if your culture says that everything is allowed, the user is the champion of the organization, you need to really scan nonstop everything in your environment to understand what's risky.

Dave Bittner

Yeah it really is striking a careful

Or Eshed

balance what you could do actually at lyrics we have a free extension PDF so about big chunk of our database is actually exposed to the broad audience. If you want to invest and scan and get for some sort of a rescore you actually do it on the lyrics site search for lyrics extension PDF and that database is a combined database of Google and ourselves. So you know it's two startups, one of them is 30 years old and over a trillion dollars in worth and larx but we have the largest database in the world for browser extensions with rescoring you can do that and then you can understand what's going on in your environment.

Dave Bittner

Now hold on a second or are you suggesting that people install one of your extensions?

Or Eshed

I mean everyone is welcome to be a lyrics customer but I think I was on the other side. I think it's my I need as an entrepreneur in cybersecurity I need to always talk about what's the basics because it's a part of the community to be able to share. And it was important for us to provide the basics of extension security for free for the entire world. And eventually we build great relationships with customers. So I'm not shy to say that we're happy to give away some for free. Eventually we understand that that's our way to prove credibility and many of those organizations then are interested to move on with us and you know, sometimes they go to conferences and I meet people saying, you know, they tell me, you know, I built an extension security framework for free using your extension PDF and then I'll tell them, you know, it's great. How much time do you spend on that? And apparently they spend a lot of time and then eventually, you know, they, they do try to automate and they do reach out and they do engage with us. So I feel very comfortable with where we are.

Dave Bittner

Yeah. All right, well. Or I think I have everything I need for our story here. Is there anything I missed? Anything I haven't asked you that you think it's important to share?

Or Eshed

I think one thing is the timing, the why now? With AI, historically, companies were using all kinds of tools, but every risk level, you have kind of like a long tail and a big mess. So the big mess is always really managed. So think about SaaS security or identity security. It's always said that the big mask is already secure by design. Then you have a long tail. With AI, I think something really, really changes that perspective. One, it's really web based. It's really hard to catch that. It's really interactive. But users are very, very not model loyal. So everyone is aware of what's the hottest new AI tool and everyone is experimenting. Those tools are not very cheap. So think about how you gain security. You gain security by controlling the configurations, the backend controls. You tie them to an identity provider, you put them behind some sort of a reverse proxy. You have all kinds of tools you can use, but that's good. For traditional SaaS within AI, things change really fast. And when I think about the cost of those licenses, paying about $400 a month for getting all of them for all your employees, that's a lot of money. It's really, really a lot of money. So most organizations actually buy only one or at most two AI platforms, but the users use everything and sometimes they even use their personal webmail to sign into Claude or something of that sort. And eventually it means that the long tail is actually bigger than the main body of that risk. So AI just really fuels malicious extensions as a mechanism to create a very, very powerful intrusion by attackers that creates urgency.

Dave Bittner

Our thanks to or Eshed from LayerX Security for joining us. The research is titled how we Discovered a campaign of 16 malicious extensions built to steal ChatGPT accounts. We'll have a link in the Show Notes. And that's Research Saturday, brought to you by N2 CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the Show Notes or send an email to cyberwire2k.com this episode was produced by Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester. Our executive producer is Jennifer Ibin, Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here next time. If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today@rsaconference.com cyberwire26. I'll see you in San Francisco.

Or Eshed

Starting a business can seem like a daunting task unless you have a partner like Shopify. They have the tools you need to start and grow your business. From designing a website to marketing to selling and beyond, Shopify can help with everything you need. There's a reason millions of companies like Mattel, Heinz and Allbirds continue to trust and use them. With Shopify on your side, turn your big business idea into Sign up for your $1 per month trial at shopify. Com specialoff.