Malicious Chrome Extensions Caught Stealing AI Chat Data

A growing threat involving malicious Chrome extensions is putting millions of users at risk by silently harvesting conversations from popular AI platforms such as ChatGPT, Claude, Microsoft Copilot, Google Gemini, and DeepSeek.

Security researchers at G Data have uncovered multiple browser add-ons that appear legitimate but secretly intercept sensitive user data. As AI tools become deeply integrated into daily workflows, this attack vector is emerging as a high-value target for cybercriminals seeking access to personal, corporate, and financial information.

With AI extension usage already exceeding 115 million users globally, the scale of exposure is significant—and largely invisible.

Key Details

The campaign exposed by G Data focuses on three widely downloaded Chrome extensions:

  • Urban VPN
  • Smart Sidebar: ChatGPT, Claude and DeepSeek
  • AI Assistant (rebranded as Chat AI)

Despite high ratings and large install bases, these extensions were found to contain hidden functionality designed to:

  • Intercept AI conversations
  • Capture chat content
  • Transmit data to external servers

The affected tools leveraged script injection techniques, allowing them to monitor browser activity without disrupting normal functionality. This makes detection extremely difficult for users.

Notably, the extensions continued to operate normally, ensuring users remained unaware while their data was being collected in real time.

Technical Analysis

Script Injection and Data Interception

At the core of the attack is browser script injection, where malicious JavaScript is embedded into the extension’s functionality.

For example:

  • Urban VPN (v5.10.3) included a hidden file, content.js, which intercepted requests across multiple AI platforms

The extension injected an executor script that:

  • Captured outbound network requests
  • Extracted chat data before reaching AI servers
  • Processed and redirected data through its own code

Real-Time Chat Surveillance

The Smart Sidebar extension (v1.9.6) used a component named:

  • aiResponder.js within a gptprocessor directory

This module:

  • Monitored visits to AI platforms
  • Captured each user conversation in real time
  • Encoded data using Base64

Captured information included:

  • Chat IDs
  • Platform names (ChatGPT, DeepSeek, etc.)
  • Timestamps
  • Full user conversations

Data was sent via POST requests to:

  • deepaichats[.]com/ext/aimodel
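
A defender can turn the exfiltration pattern described above into a proxy-log check. The following Python sketch is an added example, not code from G Data or from the extensions; the event field names, the first-party host list and the sample events are constructed assumptions, and only the indicator domain and path come from the article.

```python
import base64
import binascii
import json

# Indicator from the article, stored defanged and refanged at load time.
IOC_HOST = "deepaichats[.]com".replace("[.]", ".")
# Platform names the article says appear in captured records.
PLATFORM_WORDS = ("chatgpt", "claude", "copilot", "gemini", "deepseek")
# Assumption: the AI services' own hosts, exempt from the body heuristic.
FIRST_PARTY = ("chatgpt.com", "claude.ai", "copilot.microsoft.com",
               "gemini.google.com", "chat.deepseek.com")

def on_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def decode_b64(body):
    """Return the decoded text if body is strict Base64 of UTF-8, else None."""
    try:
        return base64.b64decode(body, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None

def classify(event):
    """List the reasons an outbound request resembles the described exfiltration."""
    host = event["host"].lower().rstrip(".")
    reasons = ["ioc-host"] if on_domain(host, IOC_HOST) else []
    third_party = not any(on_domain(host, d) for d in FIRST_PARTY)
    if event["method"] == "POST" and third_party:
        text = decode_b64(event.get("body", ""))
        if text and any(w in text.lower() for w in PLATFORM_WORDS):
            reasons.append("b64-body-names-ai-platform")
    return reasons

def b64_json(record):
    return base64.b64encode(json.dumps(record).encode()).decode()

# Constructed proxy events; field names and values are illustrative only.
CHAT = {"chat_id": "c-1", "platform": "DeepSeek", "ts": 1700000000, "text": "hi"}
SAMPLE_EVENTS = [
    {"method": "POST", "host": IOC_HOST, "path": "/ext/aimodel", "body": b64_json(CHAT)},
    {"method": "POST", "host": "collector.example", "path": "/c", "body": b64_json(CHAT)},
    {"method": "POST", "host": "chatgpt.com", "path": "/x", "body": b64_json({"m": "chatgpt"})},
    {"method": "POST", "host": "cdn.example", "path": "/u", "body": "not base64!"},
]

def scan(events):
    """Return (host, reasons) for every event with at least one reason."""
    return [(e["host"], r) for e in events if (r := classify(e))]
```

The body heuristic catches the same record shape sent to a domain that is not yet a known indicator, which matters once the operators rotate infrastructure.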

iFrame Injection Technique

The third extension, Chat AI (v3.3.4), used an advanced method:

  • Embedded a hidden iframe-based interface
  • Loaded content from an external server
  • Positioned itself between user and AI platform

This allowed the extension to:

  • Observe all interaction flows
  • Capture input/output data streams
  • Forward user preferences and chat content externally

The observed behavior maps to the following MITRE ATT&CK techniques:

  • T1056 – Input Capture
  • T1040 – Network Sniffing
  • T1567 – Exfiltration Over Web Service
  • T1185 – Browser Session Hijacking

Impact and Risks

Exposure of Highly Sensitive Data

AI platforms are commonly used to process:

  • Personal conversations
  • Business strategies
  • Legal or medical information
  • Source code and credentials

Intercepting this data allows attackers to:

  • Conduct identity theft
  • Execute targeted phishing campaigns
  • Engage in corporate espionage
  • Perform blackmail or fraud

False Trust in Browser Extensions

The affected extensions were:

  • Highly rated on Chrome Web Store
  • Installed by thousands to millions of users
  • Marketed as productivity or privacy tools

This creates a dangerous illusion of safety while enabling continuous background surveillance.

Enterprise-Level Risk

In corporate environments, compromised AI interactions could expose:

  • Confidential documents
  • Internal workflows
  • Proprietary intellectual property

This elevates the threat from individual data loss to organizational security breaches.

Expert Recommendations

1. Limit Browser Extension Usage

  • Install only essential extensions
  • Avoid tools requesting excessive permissions

2. Apply Least Privilege Principle

  • Restrict access to:
    • Tabs
    • Network requests
    • Sensitive websites

3. Audit Installed Add-Ons Regularly

  • Remove unused or suspicious extensions
  • Verify developer credibility

4. Monitor Network Behavior

  • Detect unusual outbound requests
  • Flag unknown domains like:
    • deepaichats[.]com

5. Restrict Access in Enterprise Environments

  • Use group policies to:
    • Block extension installs
    • Restrict AI platform access from extensions

6. Avoid Sharing Sensitive Data in AI Tools

  • Do not input:
    • Credentials
    • Financial data
    • Confidential corporate information
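
Recommendations 2 and 3 above can be partly automated by checking which installed extensions are granted access to AI chat sites. The Python sketch below is an added example, not part of the original article; the AI hostnames are an assumed defender-maintained list, and the three manifests are constructed samples, not the manifests of the extensions named above.

```python
# Assumption: hostnames of the AI services named in the article.
AI_HOSTS = ("chatgpt.com", "claude.ai", "copilot.microsoft.com",
            "gemini.google.com", "chat.deepseek.com")

def pattern_covers(pattern, host):
    """True if a Chrome match pattern grants access to https://host/."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "https"):
        return False  # API permissions such as "tabs" land here
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]  # "*.example.com" also matches "example.com"
        return host == base or host.endswith("." + base)
    return pat_host == host

def audit_manifest(manifest):
    """Map each AI host to the manifest fields that grant access to it."""
    sources = {"host_permissions": manifest.get("host_permissions", []),
               "permissions": manifest.get("permissions", [])}  # MV2 host grants
    for i, cs in enumerate(manifest.get("content_scripts", [])):
        sources[f"content_scripts[{i}].matches"] = cs.get("matches", [])
    findings = {}
    for field, patterns in sources.items():
        for host in AI_HOSTS:
            if any(isinstance(p, str) and pattern_covers(p, host) for p in patterns):
                findings.setdefault(host, []).append(field)
    return findings

# Constructed manifests for illustration only.
BROAD = {"name": "constructed-vpn", "manifest_version": 3,
         "permissions": ["tabs", "webRequest"],
         "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]}
TARGETED = {"name": "constructed-sidebar", "manifest_version": 3,
            "host_permissions": ["https://chat.deepseek.com/*"],
            "content_scripts": [{"matches": ["https://claude.ai/*"], "js": ["a.js"]}]}
NARROW = {"name": "constructed-notes", "manifest_version": 3,
          "permissions": ["storage"],
          "host_permissions": ["https://*.example.com/*"]}
```

A non-empty result is a prompt for review, not a verdict: many legitimate extensions request `<all_urls>`, so pair the finding with the extension's stated purpose.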

Industry Context

This campaign highlights a rapidly growing threat category: AI-targeted data exfiltration attacks.

As AI tools become embedded in productivity workflows, attackers are shifting focus toward:

  • Client-side exploitation (browser extensions)
  • Data interception instead of system compromise
  • Stealth techniques over disruptive malware

The trend mirrors previous attacks involving:

  • Password-stealing browser extensions
  • Cryptocurrency wallet hijackers
  • Supply chain attacks in browser ecosystems

The difference now is scale and sensitivity—AI conversations often contain unfiltered, high-value data.

Conclusion

The discovery of malicious Chrome extensions targeting AI platforms marks a critical shift in cybersecurity risk.

By exploiting trust in both browser ecosystems and AI tools, attackers are gaining direct access to some of the most sensitive user-generated content.

As reliance on AI grows, so must awareness. In this new landscape, what you type into an AI tool is only as secure as the environment around it.

FAQ

1. What are malicious Chrome extensions?

They are browser add-ons that appear legitimate but secretly perform harmful actions such as data theft or tracking user activity.

2. Which AI platforms were targeted?

ChatGPT, Claude, Microsoft Copilot, Google Gemini, and DeepSeek were among the targeted platforms.

3. What data do these extensions steal?

They capture full AI conversations, including sensitive personal, business, and technical information.

4. How do these extensions operate?

They inject scripts into the browser to intercept and exfiltrate data without affecting normal user experience.

5. How can users protect themselves?

By limiting extensions, auditing permissions, avoiding sensitive inputs in AI tools, and monitoring browser activity.
