Malicious Chrome Extensions Caught Stealing AI Conversations from 900,000 Users

What Happened

Security firm OX Security discovered two malicious Chrome extensions that were stealing user conversations from ChatGPT and DeepSeek. Despite containing data-stealing malware, one of the extensions had received Google's "Featured" badge.

The two extensions were:

• "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" – over 600,000 users
• "AI Sidebar with Deepseek, ChatGPT, Claude and more" – over 300,000 users

The malware exfiltrated complete conversation content to remote C2 servers every 30 minutes, disguised as "anonymous analytics data collection."

Why It Matters

This attack demonstrates how threat actors are increasingly targeting AI users. Your AI conversations may contain:

• Proprietary code
• Business strategies
• Personal information
• API keys and credentials

OX Security warns: "This data can be weaponized for corporate espionage, identity theft, targeted phishing campaigns, or sold on underground forums."

This tactic has been codenamed "Prompt Poaching" by Secure Annex.

Technical Details

The extensions copied the functionality of a legitimate AI sidebar extension (AITOPIA), then added malicious data exfiltration capabilities.

How the attack worked:

1. Extensions used chrome.tabs.onUpdated API for persistent visibility
2. Silently observed when users navigated to ChatGPT or DeepSeek
3. Dynamically extracted content from the webpage's DOM
4. Captured full user prompts, AI responses, and session metadata
5. Exfiltrated data every 30 minutes to remote servers

Protection Measures

1. Only install extensions from verified publishers
2. Review extension permissions carefully
3. Use browser profiles to isolate sensitive activities
4. Consider using AI services in incognito/private mode
5. Regularly audit your installed extensions
6. The malicious extensions have been removed from the Chrome Web Store