Despite being designed with the most secure techniques available, password managers are still susceptible to changing times and public accessibility to possible threats. With the use of AI machines, such as ChatGPT, it is becoming increasingly easy to design malware, plan attacks, or even uncover vulnerabilities that were meant to hidden to the general public. A simple search using ChatGPT’s free model provided bug bounty vulnerability information for one password manager, that is not available to the general public through Hackerone’s website.
There are also freely available malwares and extensions that can be downloaded for “research” purposes, but have no way of stopping someone from using it for malicious purposes. Matt Frisbie, author of “Building Browser Extensions,” provided a complete tutorial for building a malicious tracker extension, that included how to disguise it as something harmless. The entirety of the extension can be found in his GitHub repository: https://github.com/msfrisbie/spy-extension. This extension was downloaded and demonstrated to show just how easy it is to use.