Recent research has uncovered a troubling trend in the world of browser extensions. Cybersecurity experts have identified two malicious extensions on the Chrome Web Store designed to steal users’ conversations from OpenAI’s ChatGPT and DeepSeek, along with browsing data. These extensions, which have over 900,000 combined users, are named:
- Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI (600,000 users)
- AI Sidebar with Deepseek, ChatGPT, Claude, and more (300,000 users)
Just weeks earlier, another extension, Urban VPN Proxy, was caught spying on user interactions with AI chatbots. This type of unauthorized data collection is referred to as “Prompt Poaching,” a term introduced by Secure Annex.
According to OX Security, the two extensions were found to be sending user data to remote servers every 30 minutes. Moshe Siman Tov Bustan, a researcher at OX Security, noted that the malicious extensions pretend to seek consent for “anonymous analytics” but actually harvest full conversation content from ChatGPT and DeepSeek.
These extensions mimic a legitimate tool called “Chat with all AI models,” trying to pass as trustworthy while their true purpose is much darker. Once installed, they ask users for permissions under the guise of improving the user experience. If this permission is granted, the extensions begin to steal information from your open browser tabs and AI chats.
To achieve this, they extract chat messages from web pages and send them to remote servers like “chatsaigpt.com” or “deepaichats.com.” What’s more, these cybercriminals use an AI-powered platform to hide their activities, adding layers of deception.
The risks of installing such malicious add-ons can be significant. They can capture sensitive information shared with AI systems, web browsing habits, and even internal company URLs. This stolen data could be exploited for various threats, including corporate espionage and identity theft.
Interestingly, some legitimate extensions like Similarweb and Stayfocusd have also been reported to engage in similar practices. Similarweb’s updates have made it clear that they collect data from AI interactions to improve their analytics, while also using advanced methods to scrape conversation details.
According to statistics from Secure Annex, the use of browser extensions for data harvesting is on the rise. Many companies may soon realize this data can be monetized. John Tuckner from Secure Annex warns that this trend is just beginning, as developers seek ways to profit from users’ data.
Cybersecurity experts suggest that users should remove suspicious extensions promptly and avoid installing unknown ones, regardless of their ratings or tags. Protecting personal information in this increasingly interconnected world is more crucial than ever.
Source link
cyber security news, cyber news, cyber security news today, cyber security updates, cyber updates, hacker news, hacking news, software vulnerability, cyber attacks, data breach, ransomware malware, how to hack, network security, information security, the hacker news, computer security
