These Popular Chrome Extensions Are Stealing Your Chats With AI

Hackers continue to find ways to infiltrate the Chrome Web Store with malicious extensions. This time, two are posing as an add-on that allows users to communicate with ChatGPT and DeepSeek on other websites, while stealing data and transmitting it to the attackers’ servers.

Beware of these Chrome extensions!

At first glance, the two extensions discovered by Ox Security researchers appear fairly innocuous. The first, titled “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI,” has a “Recommended” badge and 2,700 ratings from over 600,000 users. “AI Sidebar with Deepseek, ChatGPT, Claude and more” appears verified and has 2,200 ratings from 300,000 users.

However, these add-ons actually send AI chatbot conversations and web browsing data directly to the attackers’ servers. This means hackers gain access to a huge amount of sensitive information users share with ChatGPT and DeepSeek, as well as Chrome tab URLs, search queries, session tokens, user IDs, and authentication data. All of this can be used for identity theft, phishing campaigns, and even corporate espionage.

Researchers discovered that these extensions mimic legitimate Chrome add-ons developed by AITOPIA, which add a sidebar to any website for interacting with popular AI chatbots. The malicious functionality relies on a consent request for the use of “anonymous, non-identifiable analytics data.” The attackers use Lovable, a web development platform, to host privacy policies and infrastructure, obscuring their operations.

The researchers also found that if one extension was removed, another would open in a new tab, attempting to trick users into installing that extension instead.

How to avoid malicious browser extensions

If you’ve added AI-related extensions to Chrome, go to chrome://extensions/ and look for malicious, fake extensions. If you find any, click Remove. As of this writing, the extensions detected by Ox are no longer listed in the Chrome Web Store.

As I’ve written before, malicious extensions sometimes evade detection and gain approval from browser libraries by posing as legitimate add-ons, even receiving “Recommended” and “Verified” labels. Some attackers, playing the long game, turn extensions into malware years after their launch. This means you shouldn’t blindly trust ratings and reviews, even if they’ve accumulated over time.

To minimize risks, always thoroughly check browser extensions (even those that appear legitimate) for obvious red flags, such as spelling errors in the description and a large number of positive reviews accumulated in a short period of time. Search Google or Reddit to see if anyone has flagged the extension as malicious or if there are any issues with the developer or source. Make sure you’re downloading the correct extension—scammers often try to confuse users by using names similar to popular extensions.

Finally, you should regularly check your extensions and remove any unnecessary ones. Go to chrome://extensions/ to see all your installed extensions.
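
The manual review at chrome://extensions/ can also be scripted across a profile. The following is an added example, not code from Ox Security or the original article: it scans a Chrome profile's Extensions directory (passed as an argument), resolves localized extension names, and flags the two names reported above. The `BROAD` permission set and all function names are assumptions made for this example.

```python
import json, re, sys
from pathlib import Path

# Names as reported in the article. It gives no extension IDs, so match on name.
REPORTED = ["Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI",
            "AI Sidebar with Deepseek, ChatGPT, Claude and more"]
# Assumption: grants that expose tab URLs and page content to an extension.
BROAD = {"tabs", "history", "cookies", "webRequest", "<all_urls>", "*://*/*"}

def norm(s):
    return re.sub(r"[^a-z0-9]+", " ", s.lower()).strip()

def load(path):
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}

def display_name(manifest, version_dir):
    """Resolve a localized "__MSG_key__" name via _locales/<default_locale>."""
    name = manifest.get("name", "")
    m = re.fullmatch(r"__MSG_(\w+)__", name)
    locale = manifest.get("default_locale", "en")
    messages = load(version_dir / "_locales" / locale / "messages.json") if m else {}
    for key, entry in messages.items():  # message keys are case-insensitive
        if key.lower() == m.group(1).lower():
            return entry.get("message", name)
    return name

def audit(extensions_dir):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json, one row each."""
    wanted, rows = {norm(n) for n in REPORTED}, []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = load(path)
        name = display_name(manifest, path.parent)
        grants = {p for field in ("permissions", "host_permissions")
                  for p in manifest.get(field, []) if isinstance(p, str)}
        rows.append({"id": path.parent.parent.name, "name": name,
                     "reported": norm(name) in wanted, "broad": sorted(grants & BROAD)})
    return rows

if __name__ == "__main__":  # usage: python audit_ext.py <profile>/Extensions
    for row in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("REPORTED" if row["reported"] else "ok", row)
```

A name match is only a starting point: a renamed copy will not be flagged, so the `broad` column is worth reading for every extension you do not recognize.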
