Chrome Extensions Stole ChatGPT & DeepSeek Data from 900K Users
▼ Summary
– Two malicious Chrome extensions with over 900,000 users were caught exfiltrating ChatGPT and DeepSeek conversations and browsing data to attackers’ servers.
– These extensions impersonate a legitimate AI tool and trick users by requesting consent for “anonymous analytics” while secretly harvesting full chat content and tab URLs.
– The tactic, called “Prompt Poaching,” is also being used by some legitimate extensions like Similarweb, which explicitly state they collect AI conversation data for analysis.
– The stolen data, including sensitive corporate information and personal queries, can be weaponized for espionage, identity theft, or sold on underground forums.
– Users are advised to remove suspicious extensions and avoid installing add-ons from unknown sources, even if they are featured on the Chrome Web Store.
Cybersecurity experts have identified a pair of dangerous extensions on the Chrome Web Store, designed to secretly steal user data from AI chatbots like ChatGPT and DeepSeek. These malicious add-ons, which together had amassed over 900,000 installations, siphoned private conversations and comprehensive browsing information directly to servers controlled by attackers. This incident highlights a growing threat vector where seemingly helpful browser tools are weaponized for data theft, putting both personal privacy and corporate security at serious risk.
The extensions in question are “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” and “AI Sidebar with Deepseek, ChatGPT, Claude, and more.” Researchers found they were exfiltrating complete user conversations and all Chrome tab URLs to a remote server every half hour. To trick users, the malware requests permission to collect “anonymous, non-identifiable analytics data” under the guise of improving the service, while its true purpose is harvesting sensitive chat content.
These rogue extensions cleverly impersonate a legitimate tool from AITOPIA called “Chat with all AI models.” Once installed, they scrape specific elements from web pages to capture chat messages, storing them locally before sending the data to domains like chatsaigpt[.]com. The attackers have even used AI-powered web development platforms to host deceptive privacy policies, further obscuring their malicious activities.
The potential fallout is severe. Stolen data can include proprietary business information, internal corporate URLs, personal queries, and confidential details shared with AI assistants. This information could be leveraged for corporate espionage, sophisticated phishing attacks, or sold on dark web forums, posing a direct threat to organizations whose employees may have installed these tools.
Alarmingly, this practice, dubbed “Prompt Poaching,” is not confined to obviously malicious software. Researchers report that even legitimate, widely-used extensions like Similarweb and Sensor Tower’s Stayfocusd have incorporated functionality to monitor AI conversations. Similarweb’s updated terms of service explicitly state it collects data entered into AI tools, including prompts, uploaded files, and outputs, to fuel its analytics services. The extension employs techniques like DOM scraping or hijacking browser APIs to gather this information from platforms including ChatGPT, Claude, and Gemini.
This trend signals a troubling shift where browser extensions are becoming a primary exploit vector for harvesting sensitive digital interactions. As the profitability of such data becomes apparent, more developers may be tempted to embed similar data-collection libraries into their apps, often under the banner of analytics or service improvement. Users are strongly advised to scrutinize extension permissions, remove any suspicious add-ons immediately, and exercise caution even with tools bearing official “Featured” badges, as these can still pose significant privacy risks.
(Source: The Hacker News)
