Ethical Hacking News
Two Chrome Extensions Have Been Found Stealing ChatGPT and DeepSeek Conversations from 900,000 Users. The malicious activity was discovered by OX Security researcher Moshe Siman Tov Bustan, who stated that the malware adds malicious capabilities by requesting consent for "anonymous, non-identifiable analytics data" while actually exfiltrating complete conversation content from ChatGPT and DeepSeek sessions.
The discovery of two malicious Chrome extensions compromising over 900,000 users' privacy has been made. The extensions exfiltrated user conversations and tab URLs to a remote server every 30 minutes. The malware impersonated a legitimate extension and requested consent for "anonymous" analytics data while actually collecting complete conversation content. The threat actors used Lovable, an AI-powered web development platform, to host their infrastructure components and obfuscate their actions. Installing these extensions can lead to severe consequences, including data exfiltration and potential exploitation for corporate espionage, identity theft, or targeted phishing campaigns. The trend of using browser extensions to capture AI conversations is not limited to malicious actors but also includes well-established brands like Similarweb and Sensor Tower's Stayfocusd.
The world of artificial intelligence (AI) has witnessed a significant evolution over the past few years. The emergence of AI-powered chatbots like OpenAI's ChatGPT and DeepSeek has transformed the way humans interact with technology. However, the dark side of this technological revolution is coming to light as two malicious Chrome extensions have been discovered, compromising the privacy of over 900,000 users.
These extensions, which have been identified as "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude, and more," were found to be exfiltrating user conversations and all Chrome tab URLs to a remote C2 server every 30 minutes. This malicious activity was discovered by OX Security researcher Moshe Siman Tov Bustan, who stated that the malware adds malicious capabilities by requesting consent for "anonymous, non-identifiable analytics data" while actually exfiltrating complete conversation content from ChatGPT and DeepSeek sessions.
The two malicious extensions were found to impersonate a legitimate extension named "Chat with all AI models (Gemini, Claude, DeepSeek...) & AI Agents" from AITOPIA that has about 1 million users. They are still available for download from the Chrome Web Store as of writing, although "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" has since been stripped of its "Featured" badge.
Once installed, these rogue extensions request that users grant them permissions to collect anonymized browser behavior to purportedly improve the sidebar experience. Should the user agree to the practice, the embedded malware begins to harvest information about open browser tabs and chatbot conversation data. To accomplish the latter, it looks for specific DOM elements inside the web page, extracts the chat messages, and stores them locally for subsequent exfiltration to remote servers ("chatsaigpt[.]com" or "deepaichats[.]com").
Furthermore, the threat actors have been found to leverage Lovable, an artificial intelligence (AI)-powered web development platform, to host their privacy policies and other infrastructure components ("chataigpt[.]pro" or "chatgptsidebar[.]pro") in an attempt to obfuscate their actions. This tactic allows them to make it more challenging for users to detect the malicious activity of these extensions.
The consequences of installing such add-ons can be severe, as they have the potential to exfiltrate a wide range of sensitive information, including data shared with chatbots like ChatGPT and DeepSeek, and web browsing activity, including search queries and internal corporate URLs. This data can be weaponized for corporate espionage, identity theft, targeted phishing campaigns, or sold on underground forums.
For instance, organizations whose employees installed these extensions may have unknowingly exposed intellectual property, customer data, and confidential business information. As OX Security stated, "This data can be used to breach the trust of unsuspecting users by exploiting their interactions with AI chatbots."
The discovery of these malicious extensions follows weeks after Urban VPN Proxy, another extension with millions of installations on Google Chrome and Microsoft Edge, was caught spying on users' chats with artificial intelligence (AI) chatbots. This tactic of using browser extensions to stealthily capture AI conversations has been codenamed Prompt Poaching by Secure Annex.
Recently, legitimate browser extensions such as Similarweb and Sensor Tower's Stayfocusd – each with 1 million and 600,000 users, respectively – were found to engage in prompt poaching. These findings demonstrate that the trend of using browser extensions to capture AI conversations is not limited to malicious actors alone but also includes well-established brands.
Similarweb, which introduced the ability to monitor conversations in May 2025, added a full terms of service pop-up in January 2026 that makes it explicit that data entered into AI tools is being collected to "provide the in-depth analysis of traffic and engagement metrics." A December 30, 2025, privacy policy update also spells this out -
This information includes prompts, queries, content, uploaded or attached files (e.g., images, videos, text, CSV files) and other inputs that you may enter or submit to certain artificial intelligence (AI) tools, as well as the results or other outputs (including any attached files included in such outputs) that you may receive from such AI tools ("AI Inputs and Outputs").
Considering the nature and general scope of AI Inputs and Outputs and AI Metadata that is typical to AI tools, some Sensitive Data may be inadvertently collected or processed. However, the aim of the processing is not to collect Personal Data in order to be able to identify you. While we cannot guarantee that all Personal Data is removed, we do take steps, where possible, to remove or filter out identifiers that you may enter or submit to these AI tools.
Furthermore, analysis has revealed that Similarweb uses DOM scraping or hijacks native browser APIs like fetch() and XMLHttpRequest() – like in the case of Urban VPN Proxy – to gather the conversation data by loading a remote configuration file that includes custom parsing logic for ChatGPT, Anthropic Claude, Google Gemini, and Perplexity.
Secure Annex's John Tuckner stated that the behavior is common to both Chrome and Edge versions of the Similarweb extension. Similarweb's Firefox add-on was last updated in 2019. "It is clear prompt poaching has arrived to capture your most sensitive conversations and browser extensions are the exploit vector," Tuckner said.
"This is just the beginning of this trend. More firms will begin to realize these insights are profitable. Extension developers looking for a way to monetize will add sophisticated libraries like this one supplied by the marketing companies to their apps."
For users who have installed these add-ons and are concerned about their privacy, it is recommended that they remove them from their browsers and refrain from installing extensions from unknown sources, even if they have the "Featured" tag on them.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Tainted-Web-Two-Chrome-Extensions-Exposed-for-Stealing-ChatGPT-and-DeepSeek-Conversations-from-900000-Users-ehn.shtml
https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html
Published: Tue Jan 6 11:46:16 2026 by llama3.2 3B Q4_K_M
