Malicious Chrome Extensions Impersonate AI Assistants and Crypto Wallets to Steal Sensitive Data
Microsoft reported a campaign of malicious Chromium-based browser extensions masquerading as legitimate AI assistant tools to harvest LLM chat histories and browsing data, with reporting suggesting ~900,000 installs and Microsoft Defender telemetry indicating activity across 20,000+ enterprise tenants. The extensions collected full URLs and chat content from services including ChatGPT and DeepSeek, creating a high-risk data leakage path for proprietary code, internal workflows, and strategic discussions; Microsoft also noted cases where “agentic” browsers auto-downloaded these extensions, reducing user friction and increasing exposure.
Separately, Socket documented a fake imToken Chrome extension (bbhaganppipihlhjgaaeeeefbaoihcgi) that posed as a benign “hex color visualizer” but functioned as a phishing redirector: on install and on click it opened attacker-controlled pages, pulling a destination URL from jsonkeeper[.]com/b/KUWNE and sending victims to chroomewedbstorre-detail-extension[.]com to solicit 12/24-word seed phrases or private keys for wallet takeover. A Kaspersky post focused on consumer guidance for disabling unwanted AI features and broadly warned about privacy/security risks from pervasive AI assistants (including mention of insecure third-party “personal agent” setups), but it did not provide corroborated details tied to the specific malicious-extension campaigns described by Microsoft and Socket.
Timeline
Apr 30, 2026
Unit 42 exposes 18 malicious AI-themed Chrome extensions
Palo Alto Networks Unit 42 reported 18 high-risk Chrome extensions masquerading as AI productivity tools that abused privileged browser capabilities to steal prompts, credentials, emails, API keys, and browsing data, with behaviors including remote access, adversary-in-the-browser surveillance, infostealing, spyware, and search hijacking. The researchers said Google was notified and either removed the extensions or warned their owners about policy violations.
Apr 3, 2026
DomainTools identifies malicious "ChatGPT Ad Blocker" Chrome extension
DomainTools reported a malicious Chrome extension named "ChatGPT Ad Blocker" that impersonated an ad blocker for ChatGPT but instead captured users’ ChatGPT conversations and exfiltrated them to a private Discord webhook. Researchers said the extension fetched remote configuration from GitHub every 60 minutes, injected code into ChatGPT pages, and was linked to the developer alias "krittinkalra."
Mar 5, 2026
Socket reports fake imToken extension to Google while it remains live
Socket disclosed that the fake imToken extension was still available in the Chrome Web Store with 39 weekly active users at the time of reporting. The company said it had reported both the extension and its publisher account to Google for removal.
Mar 5, 2026
Microsoft discloses technical details and mitigations for AI extension campaign
Microsoft published analysis of the malicious AI assistant extensions, describing their broad permissions, deceptive consent flows, local Base64-encoded JSON staging, and HTTPS exfiltration to attacker-controlled domains such as deepaichats[.]com and chatsaigpt[.]com. It also released mitigation guidance, Defender detections, and hunting queries for affected organizations.
Mar 5, 2026
Malicious AI assistant browser extensions reach large-scale distribution
Microsoft investigated a campaign involving malicious Chromium-based extensions impersonating AI assistant tools that harvested browsing data and LLM chat histories from services including ChatGPT and DeepSeek. The campaign reportedly reached about 900,000 installs and related activity was observed across more than 20,000 enterprise tenants.
Feb 2, 2026
Fake imToken Chrome extension is published to the Web Store
A malicious Chrome extension named “lmΤoken Chromophore,” impersonating the imToken wallet while posing as a color visualizer, was published in the Chrome Web Store. It used a redirector design to send users to attacker-controlled phishing pages that solicited seed phrases and private keys.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Malicious Chrome Extensions Used for Data Theft via Ownership Transfers and Impersonation
Multiple **malicious Chrome/Chromium extensions** were identified abusing the Chrome Web Store to steal data from users and enterprises. Two previously legitimate extensions—**QuickLens** (`kdenlnncndfnhkognokgfpabgkgehodd`) and **ShotBird** (`gengfhhkjekmlejbhmmopegofnoifnjp`)—reportedly turned malicious after **ownership transfers**, enabling downstream compromise through injected code and data harvesting. In the QuickLens case, researchers reported the malicious update preserved expected functionality while adding capabilities to **strip security headers** (e.g., `X-Frame-Options`) and facilitate script injection that can bypass **Content Security Policy (CSP)** protections, expanding the attacker’s ability to make cross-domain requests and collect sensitive information. Separately, Microsoft reported a campaign of **counterfeit “AI assistant” browser extensions** distributed via the Chrome Web Store (and therefore also impacting Microsoft Edge environments that allow Chrome extensions), which allegedly affected **20,000+ enterprise tenants** and amassed roughly **900,000 installs**. These extensions impersonated legitimate AI productivity tools and harvested **ChatGPT/DeepSeek conversation histories**, visited URLs, and browsing telemetry, staging data for exfiltration to attacker-controlled infrastructure. Another Chrome Web Store threat involved a fake **imToken**-branded extension (“lmΤoken Chromophore”) that masqueraded as a benign tool but redirected victims to phishing infrastructure to steal **seed phrases and private keys**, using tactics like hardcoded remote configuration (via JSONKeeper) and decoy navigation to the legitimate `token.im` site after credential capture.
1 months ago
Malicious and High-Risk AI-Powered Chrome Extensions Enable Account Hijacking and Phishing
Security researchers reported multiple risks tied to **AI-themed browser extensions** in the Chrome/Edge ecosystem, including active malicious campaigns. Malwarebytes identified **16 malicious extensions** (15 Chrome, 1 Edge) masquerading as ChatGPT “enhancers” that **steal ChatGPT session tokens**, enabling attackers to take over accounts and access conversation history and metadata; the extensions also exfiltrate additional telemetry (e.g., extension version/language and usage details) to help attackers profile victims and maintain longer-term access. Separately, Varonis described a new **malware-as-a-service** offering called **“Stanley”** that claims to reliably get **phishing-capable Chrome extensions** through Chrome Web Store review, using full-screen `iframe` overlays to present attacker-controlled login pages while the address bar continues to show the legitimate domain; it also advertises auto-install support across Chrome/Edge/Brave, a management panel, geo/IP targeting, and frequent C2 polling. In parallel with these overtly malicious cases, an Incogni study of **442 AI-powered Chrome extensions** found broad privacy and security exposure from over-privileged extensions (e.g., script injection and deep page access) and extensive data collection (52% collecting user data), highlighting that even popular tools (e.g., **Grammarly** and **QuillBot**) can present significant privacy risk due to the scope of permissions and data categories collected.
1 months ago
Malicious Chrome Extensions Steal ChatGPT and DeepSeek Conversations
Two rogue Chrome extensions, impersonating the legitimate AITOPIA AI sidebar tool, have compromised over 900,000 users by exfiltrating ChatGPT and DeepSeek conversations along with full browsing histories to attacker-controlled servers. The extensions, named "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude and more," request consent for "anonymous analytics" but covertly steal sensitive data, including proprietary code, business strategies, PII, and internal URLs. The malware operates by monitoring browser tabs, scraping chat content and session IDs, and sending Base64-encoded data to C2 servers every 30 minutes, exposing users to risks such as espionage, identity theft, and phishing. Researchers from OX Security discovered the threat, noting that the extensions remain available on the Chrome Web Store, with one losing its "Featured" badge after disclosure. The extensions also redirect users to each other if uninstalled, and their privacy policies are hosted on third-party sites to obscure their origins. The incident highlights the growing trend of browser extensions being used to capture AI chatbot conversations, a tactic dubbed "Prompt Poaching," and underscores the need for vigilance when installing browser add-ons, especially those requesting broad permissions under the guise of analytics or enhanced user experience.
1 months ago