Malicious Chrome extensions steal AI chats from 900,000 usersTwo malicious Chrome extensions impersonating a legitimate AI assistant tool have stolen ChatGPT and DeepSeek conversations from approximately 900,000 users, with one extension even carrying Google's "Featured" badge meant to signal security compliance.OX Security discovered the campaign on December 29 and reported it to Google, but both extensions remained available on the Chrome Web Store as of December 30, secretly exfiltrating chat data, browsing activity, and session tokens to attacker-controlled servers every 30 minutes.The incident follows a similar December discovery by Koi Security revealing that "free VPN" extensions with over 8 million downloads had been capturing AI chat conversations since July 2025, highlighting a growing threat as extensions exploit automatic update mechanisms to introduce malicious code.Read detailed

Malicious Chrome extensions steal AI chats from 900,000 users

Two malicious Chrome extensions impersonating a legitimate AI assistant tool have stolen ChatGPT and DeepSeek conversations from approximately 900,000 users, with one extension even carrying Google's "Featured" badge meant to signal security compliance.

OX Security discovered the campaign on December 29 and reported it to Google, but both extensions remained available on the Chrome Web Store as of December 30, secretly exfiltrating chat data, browsing activity, and session tokens to attacker-controlled servers every 30 minutes.

The incident follows a similar December discovery by Koi Security revealing that "free VPN" extensions with over 8 million downloads had been capturing AI chat conversations since July 2025, highlighting a growing threat as extensions exploit automatic update mechanisms to introduce malicious code.

Read detailed