Cybersecurity researchers have identified two malicious browser extensions available on the Chrome Web Store that were designed to secretly collect and transmit user conversations from artificial intelligence chat platforms such as OpenAI ChatGPT and DeepSeek. The extensions, which together account for more than 900,000 installs, were also found harvesting browsing activity, including open tab information, and sending this data to remote servers controlled by threat actors. The discovery has raised fresh concerns about the growing abuse of browser extensions as a surveillance tool, particularly as users increasingly rely on AI assistants for professional and personal tasks.
The extensions have been identified as Chat GPT for Chrome with GPT 5, Claude Sonnet and DeepSeek AI, which alone had approximately 600,000 users, and AI Sidebar with Deepseek, ChatGPT, Claude, and more, which recorded around 300,000 users. Security analysts noted that both add ons were actively exfiltrating user conversations and Chrome tab URLs every 30 minutes. OX Security researcher Moshe Siman Tov Bustan explained that the extensions requested permission to collect what was described as anonymous and non identifiable analytics data. In reality, once consent was granted, the embedded malicious code captured complete conversation content from ChatGPT and DeepSeek sessions. This information was stored locally before being transmitted to attacker infrastructure hosted on domains such as chatsaigpt.com and deepaichats.com.
Further investigation revealed that the malicious extensions were impersonating a legitimate and widely used extension titled Chat with all AI models Gemini Claude DeepSeek and AI Agents from AITOPIA, which has close to one million users. This imitation helped the rogue extensions blend in and gain user trust. At the time of reporting, both malicious add ons remained available on the Chrome Web Store, although one of them had its Featured badge removed. The malware operates by scanning specific elements within the webpage structure to extract chatbot messages. In addition to this, the attackers were found using an AI powered web development platform called Lovable to host privacy policies and related infrastructure on domains like chataigpt.pro and chatgptsidebar.pro, a tactic believed to be aimed at masking the true nature of their activities.
The findings come only weeks after Urban VPN Proxy, another popular browser extension with millions of users across Chrome and Microsoft Edge, was exposed for spying on AI chatbot interactions. Security firm Secure Annex has labeled this emerging technique Prompt Poaching, referring to the covert capture of AI prompts and responses. Secure Annex has also reported that even legitimate extensions have begun engaging in similar behavior. Extensions such as Similarweb and Sensor Tower’s Stayfocusd, with user bases of one million and 600,000 respectively, were found monitoring AI conversations. Similarweb reportedly introduced this capability in May 2025, with later updates making it explicit in its terms and privacy policy that inputs and outputs from AI tools may be collected for analytics purposes. Analysts noted that Similarweb uses methods such as DOM scraping and hijacking browser APIs like fetch and XMLHttpRequest to gather conversation data across platforms including ChatGPT, Claude, Gemini, and Perplexity.
Security experts have warned that the consequences of installing such extensions can be serious. The collected data may include sensitive corporate discussions, intellectual property, internal URLs, search queries, and personal information shared during AI interactions. OX Security cautioned that this information could be exploited for corporate espionage, identity theft, targeted phishing campaigns, or sold on underground forums. Researchers have advised users and organizations to remove suspicious extensions immediately and to be cautious when granting permissions, even to extensions that appear popular or carry trusted labels on official stores.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
