Cybersecurity researchers have uncovered a massive data theft operation involving malicious Chrome extensions that affected approximately 900,000 users worldwide. According to a recent report, two extensions mimicking popular AI tools secretly harvested all conversations from users on platforms like ChatGPT and DeepSeek.
How Malicious Chrome Extensions Deceived Users
The malicious software, discovered during routine threat analysis by OX Security, cleverly impersonated a legitimate tool known as AITOPIA. However, these extensions did more than just offer AI services. Every 30 minutes, they secretly transferred sensitive chat data, browsing history, and session keys to servers controlled by attackers.

The extensions at the heart of this data theft reached a staggering number of installations. The two primary culprits were:
- “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” with 600,000 installations.
- “AI Sidebar with Deepseek, ChatGPT, Claude, and more” with 300,000 installations.
Perhaps the most alarming detail is that one of these extensions had been awarded a “Featured” badge by Google, a symbol meant to indicate that it met the company’s security standards.
The “Sleeper Agent” Threat in Your Browser
Although OX Security reported the issue to Google, the extensions remained available in the store for some time. The investigation revealed that the extensions manipulated user permissions under the guise of anonymous data collection. Furthermore, all stolen data was Base64-encoded and sent to servers at the domains deepaichats[.]com and chatsaigpt[.]com. The leaked information included sensitive corporate data and the URLs of websites visited by the users.
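For defenders, the two domains and the 30-minute upload interval reported above can be turned into a simple proxy or DNS log check. The following is an added example, not code from OX Security or from the original report; the log format, the jitter tolerance, and the sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Domains named in the article (written defanged there).
IOC_DOMAINS = {"deepaichats.com", "chatsaigpt.com"}
BEACON_SECONDS = 30 * 60   # upload interval reported in the article
TOLERANCE = 120            # assumed jitter allowance, in seconds

def matches_ioc(host):
    """True for an IoC domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

def find_beacons(lines):
    """Return {(client, host): verdict} for each client that contacted an IoC domain."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, host = parts
        if matches_ioc(host):
            key = (client, host.lower().rstrip("."))
            seen[key].append(datetime.fromisoformat(ts))
    report = {}
    for key, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Three or more hits spaced about 30 minutes apart match the reported upload cycle.
        periodic = len(gaps) >= 2 and abs(median(gaps) - BEACON_SECONDS) <= TOLERANCE
        report[key] = "periodic-beacon" if periodic else "contact"
    return report

# Constructed sample log; assumed format: "<ISO timestamp> <client IP> <requested host>"
SAMPLE_LOG = """\
2026-01-05T09:00:02 10.0.0.14 deepaichats.com
2026-01-05T09:04:40 10.0.0.14 example.org
2026-01-05T09:30:05 10.0.0.14 deepaichats.com
2026-01-05T10:00:01 10.0.0.14 deepaichats.com
2026-01-05T10:12:30 10.0.0.22 api.chatsaigpt.com
2026-01-05T10:15:00 10.0.0.31 notdeepaichats.com
""".splitlines()

if __name__ == "__main__":
    for (client, host), verdict in find_beacons(SAMPLE_LOG).items():
        print(client, host, verdict)
```

Any hit, periodic or not, identifies a client whose installed extensions should be reviewed; the periodic verdict only indicates that the upload cycle was still running during the logged window.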
Cybersecurity experts warn that browser extensions have become an unmanageable risk layer for both businesses and individual users. These add-ons, often referred to as “sleeper agents,” may appear harmless upon initial installation but can be turned into malicious tools through automatic updates that inject harmful code.

