
Nearly a Million Chrome Users Hit by Sneaky AI Chat Thieves

Malicious Extensions Hijack AI Conversations

Security researchers at OX Security have uncovered a disturbing trend affecting Chrome browser users worldwide. What appear to be innocent productivity tools are actually sophisticated data thieves, pilfering sensitive conversations from popular AI platforms like ChatGPT and DeepSeek.

How the Attack Works

The malicious extensions operate with frightening efficiency. After gaining installation approval by requesting seemingly harmless "analytics data" permissions, they spring into action whenever users visit AI chat services. Using Chrome's API capabilities, they monitor tab activity in real time, waiting for the perfect moment to strike.

When detecting an active ChatGPT or DeepSeek session, these digital pickpockets employ clever technical maneuvers:

  • DOM manipulation to extract both user prompts and AI responses
  • Session tracking that links conversations across multiple visits
  • Complete URL logging that maps users' entire browsing habits

"This isn't just about reading chats," explains OX Security analyst Mark Reynolds. "Attackers are building comprehensive profiles that reveal workplace patterns, confidential projects, even personal interests."

The Scale of Exposure

The numbers tell a sobering story:

  • Over 900,000 confirmed installations of compromised extensions
  • Data funneled to unknown servers through encrypted channels
  • Potential access to corporate networks when business accounts are affected

The stolen information creates dangerous ripple effects beyond simple privacy violations. Competitors could gain trade secrets. Hackers might uncover password hints or security question answers buried in casual conversations.

Protecting Yourself and Your Organization

The threat demands immediate action:

  1. Audit your extensions
    • Remove any unfamiliar or unnecessary add-ons immediately
  2. Implement whitelisting
    • Only permit vetted extensions approved by IT teams
  3. Monitor data flows
    • Use endpoint protection tools to spot unusual activity
  4. Educate employees
    • Many breaches start with well-meaning staff installing "helpful" tools
  5. Consider DLP solutions
    • Data Loss Prevention software can block sensitive info from leaving your network
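
As an added example for the first two steps (not code from the article or from OX Security), the sketch below audits installed extension manifests against an IT allowlist and reports which extensions can read ChatGPT or DeepSeek pages. The hostnames `chatgpt.com` and `chat.deepseek.com` are assumptions, and the extension IDs and manifests are constructed for illustration.

```python
import re

# Assumed hostnames for the two services the article names (not given on the page).
AI_CHAT_HOSTS = ("chatgpt.com", "chat.deepseek.com")

def pattern_covers(pattern, host):
    """True if a Chrome match pattern grants access to http(s) pages on host."""
    if pattern == "<all_urls>":
        return True
    m = re.fullmatch(r"(\*|https?)://([^/]+)/.*", pattern)
    if not m:
        return False                      # API permissions such as "tabs" land here
    pat_host = m.group(2)
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):         # "*.example.com" covers the domain and subdomains
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return pat_host == host

def reachable_ai_hosts(manifest):
    """AI chat hosts whose pages the extension may read or script."""
    patterns = list(manifest.get("host_permissions", []))
    patterns += manifest.get("permissions", [])   # Manifest V2 lists host patterns here
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return [h for h in AI_CHAT_HOSTS if any(pattern_covers(p, h) for p in patterns)]

def audit(installed, allowlist):
    """Return (extension_id, action, ai_hosts) for each extension needing attention."""
    findings = []
    for ext_id, manifest in sorted(installed.items()):
        hosts = reachable_ai_hosts(manifest)
        if ext_id not in allowlist:
            findings.append((ext_id, "remove", hosts))
        elif hosts:
            findings.append((ext_id, "re-review", hosts))
    return findings

# Constructed sample: extension IDs and manifests are invented for this example.
SAMPLE = {
    "a" * 32: {"permissions": ["tabs", "storage"], "host_permissions": ["<all_urls>"]},
    "b" * 32: {"permissions": ["storage"],
               "content_scripts": [{"matches": ["https://*.example.org/*"]}]},
    "c" * 32: {"permissions": ["tabs", "scripting"],
               "host_permissions": ["https://chatgpt.com/*", "https://*.deepseek.com/*"]},
}
ALLOWLIST = {"b" * 32, "c" * 32}

if __name__ == "__main__":
    for finding in audit(SAMPLE, ALLOWLIST):
        print(finding)
```

On a real endpoint, the `installed` mapping would be built from each `manifest.json` under the Chrome profile's `Extensions/<id>/<version>/` directories.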

The OX Security team emphasizes that browser extensions represent one of today's most overlooked security vulnerabilities. "We trust these little tools," notes Reynolds, "but they often have frightening levels of access to our digital lives."

Key Points:

  • 🚨 Nearly a million Chrome users unknowingly installed chat-stealing extensions
  • 🔓 Malware captures complete conversation histories from AI platforms
  • 🏢 Corporate data at particular risk due to employee usage patterns
  • 🛡️ Whitelisting and employee education offer strongest protection
