
Malicious Chrome Extensions Caught Stealing AI Chats from 900,000 Users

Two malicious Chrome extensions, collectively downloaded over 900,000 times, have been discovered secretly exfiltrating user conversations from popular AI chatbots like ChatGPT and DeepSeek. These extensions, disguised as legitimate tools, also harvested browsing data, posing a significant risk to user privacy and corporate security.

Key Takeaways

  • Two Chrome extensions with a combined 900,000+ downloads were found to be stealing AI chat data.

  • The extensions targeted conversations with ChatGPT and DeepSeek, along with browsing history.

  • One of the malicious extensions had a "Featured" badge from the Chrome Web Store.

  • The stolen data could be used for corporate espionage, identity theft, and targeted phishing.

Malicious Extensions Identified

Cybersecurity researchers have identified two specific extensions responsible for this data theft:

  • Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI: This extension had over 600,000 users and was even marked as "Featured" in the Chrome Web Store.

  • AI Sidebar with Deepseek, ChatGPT, Claude, and more: This extension had over 300,000 users.

These extensions mimicked a legitimate tool from AITOPIA, which offers a sidebar for interacting with various AI models. However, the malicious versions included hidden code that, after gaining user consent for "anonymous analytics," proceeded to steal sensitive information.

Data Exfiltration Tactics

The rogue extensions exfiltrated user conversations from ChatGPT and DeepSeek sessions and collected the URLs of all open Chrome tabs. This data was sent to attacker-controlled servers every 30 minutes. The collected information included:

  • Proprietary source code and development queries.

  • Discussions of confidential business strategies.

  • Personal information, including IP addresses.

  • Full URLs and browsing profiles from all tabs.

  • Search queries and sensitive research topics.

  • URL parameters containing session tokens and authentication information.

  • Internal URLs revealing organizational structure.
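The fixed 30-minute upload interval described above is itself a detection signal in egress logs. The following Python is an added example, not code from the researchers or from the extensions: it scans a constructed proxy log for client-to-host POST flows that recur on a 30-minute grid. The log format, the `.example` hostnames and the function name `find_periodic_uploads` are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed proxy log: timestamp, client IP, method, destination host, bytes sent.
# Hosts use the reserved .example TLD; no value here comes from the incident.
SAMPLE_LOG = """\
2026-01-05T09:00:04Z 10.0.0.21 POST sync.collector.example 48211
2026-01-05T09:07:41Z 10.0.0.21 POST api.chat.example 912
2026-01-05T09:09:02Z 10.0.0.21 POST api.chat.example 1033
2026-01-05T09:30:06Z 10.0.0.21 POST sync.collector.example 51877
2026-01-05T10:00:03Z 10.0.0.21 POST sync.collector.example 39020
2026-01-05T10:12:00Z 10.0.0.21 GET sync.collector.example 0
2026-01-05T10:44:10Z 10.0.0.21 POST api.chat.example 870
2026-01-05T10:45:30Z 10.0.0.21 POST api.chat.example 954
2026-01-05T11:00:05Z 10.0.0.21 POST sync.collector.example 77410
2026-01-05T11:30:04Z 10.0.0.21 POST sync.collector.example 40112
2026-01-05T08:00:00Z 10.0.0.34 POST updates.vendor.example 300
2026-01-05T09:00:01Z 10.0.0.34 POST updates.vendor.example 310
2026-01-05T10:00:00Z 10.0.0.34 POST updates.vendor.example 305
2026-01-05T11:00:02Z 10.0.0.34 POST updates.vendor.example 298
"""

def find_periodic_uploads(log_text, period=1800, tolerance=60, min_events=4):
    """Return (client, host, uploads, bytes) for POST flows that recur every `period` s."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "POST":
            continue  # skip malformed lines and non-upload requests
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        flows[(parts[1], parts[3])].append((ts, int(parts[4])))
    hits = []
    for (client, host), events in flows.items():
        if len(events) < min_events:
            continue
        events.sort()
        times = [t for t, _ in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # The typical gap must match the period; any single gap may be a whole
        # multiple of it, which tolerates uploads missed while the browser was closed.
        on_grid = all(abs(g - max(1, round(g / period)) * period) <= tolerance for g in gaps)
        if on_grid and abs(median(gaps) - period) <= tolerance:
            hits.append((client, host, len(events), sum(n for _, n in events)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_periodic_uploads(SAMPLE_LOG):
        print(hit)
```

A hit is only a lead: legitimate sync and telemetry services also upload on a timer, so each flagged host still needs to be attributed to a browser extension or process before action is taken.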

The Broader Threat Landscape

This incident highlights a growing trend of "Prompt Poaching," where malicious browser extensions are used to capture sensitive data shared with AI tools. Researchers noted that this tactic is becoming more sophisticated, with attackers leveraging platforms like Lovable to host their infrastructure and obfuscate their activities. The potential consequences are severe, ranging from identity theft and targeted phishing to corporate espionage, potentially exposing intellectual property and confidential business information.

Users who have installed these extensions are strongly advised to remove them immediately and to exercise caution when installing any browser add-ons, even those with official "Featured" badges.

