Shadowy Intruders: Malicious Chrome Extensions Exposed for Stealing AI Chats

Introduction to the Discovery

In a startling revelation that underscores the persistent vulnerabilities in digital ecosystems, cybersecurity researchers have uncovered two rogue Chrome extensions that have been covertly harvesting sensitive data from hundreds of thousands of users. Reported on January 6, 2026, these extensions, masquerading as helpful AI productivity tools, have been siphoning off conversations from popular AI platforms like ChatGPT and DeepSeek, along with comprehensive browsing histories. This incident highlights the growing risks associated with browser add-ons, which promise convenience but can sometimes deliver deception.

The extensions in question have amassed a combined installation base exceeding 900,000 users, exploiting the trust placed in the Chrome Web Store's vetting process. Discovered by experts at OX Security, the findings paint a picture of sophisticated malware that operates under the guise of legitimacy, raising alarms about data privacy in an era dominated by artificial intelligence interactions.

The Culprits: Identifying the Malicious Extensions

The two extensions at the center of this scandal are cleverly named to appeal to users seeking enhanced AI capabilities. The first, titled "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI," boasts over 600,000 installations. Its extension ID is fnmihdojmnkclgjpcoonokmkhjpjechg, and it presents itself as a versatile tool for integrating advanced AI models into everyday browsing.

The second extension, "AI Sidebar with Deepseek, ChatGPT, Claude, and more," has attracted more than 300,000 users. Identified by the extension ID inhcgfpbfdjbjogdfjbclgolkmhnooop, it mimics legitimate sidebar utilities that provide quick access to multiple AI services. Both extensions impersonate a well-known legitimate add-on from AITOPIA, which has around one million users, thereby leveraging established credibility to evade suspicion.

These add-ons request broad permissions upon installation, granting them access to read content on all websites visited by the user. This seemingly innocuous request is the gateway to their malicious activities, allowing them to monitor and extract data without raising immediate red flags.

How the Data Theft Operates

The mechanism behind the data exfiltration is both insidious and efficient. Once installed, the extensions begin monitoring user interactions with targeted AI platforms. Specifically, they capture complete conversation transcripts from OpenAI's ChatGPT and DeepSeek, including user prompts, AI-generated responses, and any associated metadata. This is achieved by scanning for specific Document Object Model (DOM) elements within the web pages of these services.

Data collection extends beyond AI chats to encompass all browsing activity. The extensions log URLs from open tabs, search queries, and even internal parameters that might contain sensitive information like session tokens or authentication details. Collected data is temporarily stored locally on the user's device before being transmitted to remote command-and-control servers every 30 minutes.

The servers involved in this operation include domains such as chatsaigpt.com and deepaichats.com, which are controlled by the attackers. To further obscure their tracks, the perpetrators utilize platforms like Lovable - an AI-powered web development tool - to host fake privacy policies and redirection pages. This setup complicates efforts to trace and dismantle the infrastructure.

A particularly cunning aspect of the malware is its social engineering tactic. During installation, users are prompted to consent to the collection of "anonymous, non-identifiable analytics data." However, this consent is misleading, as the extensions proceed to harvest full, identifiable conversation content without further disclosure.

In cases where a user attempts to uninstall one extension, the other may automatically activate or prompt a new tab to maintain persistence, ensuring continued data flow to the attackers.

The Impact on Users and Organizations

The ramifications of this breach are profound and far-reaching. For individual users, the stolen data could include personal information shared in AI conversations, such as financial details, health concerns, or private communications. This information is ripe for exploitation in identity theft, targeted phishing scams, or even blackmail attempts.

On a larger scale, organizations face significant risks. Employees using these extensions might inadvertently expose intellectual property, proprietary source code, customer data, or strategic business plans discussed with AI tools. The assumption of security in AI platforms is shattered, as the extensions bypass platform-level protections by directly accessing browser content.

This incident is part of a broader trend known as "prompt poaching," where malicious actors target the sensitive inputs and outputs of AI interactions. The data harvested can be sold on underground markets, used for corporate espionage, or leveraged to craft highly personalized cyber attacks. With over 900,000 affected users, the potential for widespread harm is immense, potentially affecting industries from finance to healthcare.

Moreover, the persistence of these extensions on the Chrome Web Store - even after their malicious nature was reported - questions the efficacy of Google's review and moderation processes. One of the extensions even carried a "Featured" badge, which likely contributed to its rapid adoption.

Broader Context in Cybersecurity

This discovery does not occur in isolation. It follows closely on the heels of similar incidents, such as the Urban VPN Proxy breach in December 2025, which affected millions. Other legitimate extensions, like those from Similarweb and Sensor Tower, have been noted for similar data collection practices, albeit under the umbrella of analytics.

The rise of AI tools has created new vectors for exploitation. Users increasingly rely on browser extensions to enhance productivity, but this convenience comes with heightened risks. Attackers are capitalizing on the lax oversight in extension marketplaces, embedding malware that evades detection through obfuscation and mimicry of benign features.

Cybersecurity experts warn that this could be the tip of the iceberg. As AI integration deepens, the value of conversation data skyrockets, making it a prime target for threat actors. The incident serves as a reminder of the need for vigilance in an increasingly interconnected digital landscape.

Recommendations and Protective Measures

To mitigate the risks posed by these and similar threats, users are urged to take immediate action. First and foremost, check your installed extensions by navigating to chrome://extensions/ in your browser and remove any matching the identified names or IDs.

Beyond removal, adopt a more cautious approach to extensions in general:

• Only install add-ons from trusted developers with positive reviews and transparent privacy policies.
• Review permission requests carefully - question why an AI tool needs access to all your browsing data.
• Regularly audit your installed extensions and disable or remove those no longer in use.
• Consider using browser security features or third-party tools that monitor extension behavior.
• For sensitive AI interactions, use incognito modes or dedicated browsers without extensions.

Organizations should implement policies restricting extension installations on work devices and educate employees about these risks. Keeping browsers updated and employing endpoint detection solutions can further bolster defenses.

Conclusion: A Call for Enhanced Vigilance

The exposure of these malicious Chrome extensions on January 6, 2026, is a stark warning about the hidden dangers lurking in everyday digital tools. As AI becomes integral to personal and professional life, protecting the data we share with these systems is paramount. By staying informed and proactive, users can safeguard their information against such shadowy intrusions, ensuring that the benefits of technology outweigh its perils.