Malicious Chrome Extensions Steal ChatGPT and DeepSeek Conversations
Two rogue Chrome extensions, impersonating the legitimate AITOPIA AI sidebar tool, have compromised over 900,000 users by exfiltrating ChatGPT and DeepSeek conversations along with full browsing histories to attacker-controlled servers. The extensions, named "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude and more," request consent for "anonymous analytics" but covertly steal sensitive data, including proprietary code, business strategies, PII, and internal URLs. The malware operates by monitoring browser tabs, scraping chat content and session IDs, and sending Base64-encoded data to C2 servers every 30 minutes, exposing users to risks such as espionage, identity theft, and phishing.
Researchers from OX Security discovered the threat, noting that the extensions remain available on the Chrome Web Store, with one losing its "Featured" badge after disclosure. The extensions also redirect users to each other if uninstalled, and their privacy policies are hosted on third-party sites to obscure their origins. The incident highlights the growing trend of browser extensions being used to capture AI chatbot conversations, a tactic dubbed "Prompt Poaching," and underscores the need for vigilance when installing browser add-ons, especially those requesting broad permissions under the guise of analytics or enhanced user experience.
Timeline
Jan 7, 2026
Google leaves reported malicious extensions available in Chrome Web Store
Despite being reported to Google, the malicious extensions remained available for download as of 2026-01-07, indicating delayed enforcement in the Chrome Web Store. One of the extensions had its 'Featured' badge removed after disclosure, but both were still accessible to users.
Jan 6, 2026
Additional scrutiny falls on legitimate extensions collecting AI chat data
By 2026-01-06, reporting also highlighted that legitimate extensions such as Similarweb and Stayfocusd were collecting AI chatbot conversation data, broadening concern beyond outright malicious add-ons. Similarweb was noted as having updated its privacy policy to explicitly reflect this data collection practice.
Dec 29, 2025
Researchers report nearly 1 million users exposed by extension data theft
Researchers said the two malicious extensions had amassed more than 900,000 installs, exposing users' private AI chats, authentication tokens, internal URLs, proprietary code, business information, and other sensitive data. The findings highlighted risks including corporate espionage, identity theft, phishing, and intellectual property theft.
Dec 29, 2025
OX Security uncovers two malicious AI-themed Chrome extensions
On 2025-12-29, OX Security researchers revealed that two Chrome extensions impersonating the legitimate AITOPIA AI sidebar were stealing ChatGPT and DeepSeek conversations along with browsing data from users. The extensions used DOM scraping and browser APIs to collect sensitive chat content, session data, and browsing history, then exfiltrated it to attacker-controlled servers every 30 minutes.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Sources
Related Stories
Malicious and High-Risk AI-Powered Chrome Extensions Enable Account Hijacking and Phishing
Security researchers reported multiple risks tied to **AI-themed browser extensions** in the Chrome/Edge ecosystem, including active malicious campaigns. Malwarebytes identified **16 malicious extensions** (15 Chrome, 1 Edge) masquerading as ChatGPT “enhancers” that **steal ChatGPT session tokens**, enabling attackers to take over accounts and access conversation history and metadata; the extensions also exfiltrate additional telemetry (e.g., extension version/language and usage details) to help attackers profile victims and maintain longer-term access. Separately, Varonis described a new **malware-as-a-service** offering called **“Stanley”** that claims to reliably get **phishing-capable Chrome extensions** through Chrome Web Store review, using full-screen `iframe` overlays to present attacker-controlled login pages while the address bar continues to show the legitimate domain; it also advertises auto-install support across Chrome/Edge/Brave, a management panel, geo/IP targeting, and frequent C2 polling. In parallel with these overtly malicious cases, an Incogni study of **442 AI-powered Chrome extensions** found broad privacy and security exposure from over-privileged extensions (e.g., script injection and deep page access) and extensive data collection (52% collecting user data), highlighting that even popular tools (e.g., **Grammarly** and **QuillBot**) can present significant privacy risk due to the scope of permissions and data categories collected.
1 months ago
Malicious ChatGPT Ad Blocker Chrome Extension Stole User Conversations
Researchers reported that a fake Chrome extension called **"ChatGPT Ad Blocker"** posed as a tool to remove ads from ChatGPT while secretly harvesting users' prompts and responses. The extension reportedly cloned the ChatGPT page DOM, extracted conversation text, and exfiltrated chats longer than 150 characters to a private Discord channel using a bot identified as **Captain Hook**, turning a supposed privacy tool into a straightforward data-theft mechanism. The campaign appears to have capitalized on interest around ChatGPT advertising by luring users with bogus ad-blocking functionality. DomainTools linked the operation to suspicious domains including `blockaiads.com`, `openadblock.com`, and `gptadblock.com`, and found the extension checked a GitHub-hosted file hourly for remote instructions, suggesting active attacker control and the ability to update behavior over time. The developer account was reportedly tied to the handle **`krittinkalra`** and associated with AI platforms Writecream and AI4ChatCo, although no evidence was cited that those other apps also stole data.
4 weeks ago
Malicious Chrome Extensions Impersonate AI Assistants and Crypto Wallets to Steal Sensitive Data
Microsoft reported a campaign of **malicious Chromium-based browser extensions** masquerading as legitimate AI assistant tools to **harvest LLM chat histories and browsing data**, with reporting suggesting ~**900,000 installs** and Microsoft Defender telemetry indicating activity across **20,000+ enterprise tenants**. The extensions collected full URLs and chat content from services including **ChatGPT** and **DeepSeek**, creating a high-risk data leakage path for proprietary code, internal workflows, and strategic discussions; Microsoft also noted cases where “agentic” browsers auto-downloaded these extensions, reducing user friction and increasing exposure. Separately, Socket documented a **fake imToken** Chrome extension (`bbhaganppipihlhjgaaeeeefbaoihcgi`) that posed as a benign “hex color visualizer” but functioned as a **phishing redirector**: on install and on click it opened attacker-controlled pages, pulling a destination URL from `jsonkeeper[.]com/b/KUWNE` and sending victims to `chroomewedbstorre-detail-extension[.]com` to solicit **12/24-word seed phrases** or **private keys** for wallet takeover. A Kaspersky post focused on consumer guidance for disabling unwanted AI features and broadly warned about privacy/security risks from pervasive AI assistants (including mention of insecure third-party “personal agent” setups), but it did not provide corroborated details tied to the specific malicious-extension campaigns described by Microsoft and Socket.
2 days ago