Malicious Chrome Extension Steal ChatGPT and DeepSeek Conversations from 900K Users

Two rogue Chrome extensions have compromised over 900,000 users by secretly exfiltrating ChatGPT and DeepSeek conversations, along with full browsing histories, to attacker servers.

Discovered by OX Security researchers, the malware impersonates the legitimate AITOPIA AI sidebar tool, with one fake even earning Google’s “Featured” badge.

The OX Research team identified the threat during routine analysis, revealing extensions that clone AITOPIA’s interface for chatting with LLMs like GPT and Claude.

Named “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” (600K+ users, ID: fnmihdojmnkclgjpcoonokmkhjpjechg, version 1.9.6) and “AI Sidebar with Deepseek, ChatGPT, Claude and more” (300K+ users, ID: inhcgfpbfdjbjogdfjbclgolkmhnooop), they request “anonymous analytics” consent to mask data theft.

Threat actors host privacy policies on Lovable.dev to obscure origins, and uninstalled extensions redirect to the other.

How the Malware Operates

Installed extensions monitor tabs via chrome.tabs.onUpdated API, generating a unique “gptChatId” per victim. On detecting chatgpt.com or deepseek.com URLs, they scrape DOM elements for prompts, responses, and session IDs, storing data locally before Base64-encoding and sending batches to C2 servers like deepaichats.com or chatsaigpt.com every 30 minutes.

This captures proprietary code, business strategies, PII, search queries, and internal URLs missed by AITOPIA’s disclosed server storage.

Stolen chats risk exposing intellectual property, corporate secrets, and personal data for espionage or sale on dark web forums. Browsing logs reveals habits, tokens, and org structures, enabling phishing or identity theft across affected enterprises.

As of January 7, 2026, both extensions remain downloadable, with the first stripped of its “Featured” status post-disclosure but updated as recently as October 2025.

Users should visit chrome://extensions, remove by ID, or use store pages: ChatGPT extension, AI Sidebar. Avoid unverified extensions regardless of badges; stick to reputable sources.

IoCs

TypeValueNotesExtension nameChat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AIMalicious AI sidebar-style extensionExtension IDfnmihdojmnkclgjpcoonokmkhjpjechgChrome Web Store IDVersion1.9.6Reported malicious buildSHA-256 hash98d1f151872c27d0abae3887f7d6cb6e4ce29e99ad827cb077e1232bc4a69c00Package hashExtension nameAI Sidebar with Deepseek, ChatGPT, Claude and moreSecond malicious extensionExtension IDinhcgfpbfdjbjogdfjbclgolkmhnooopChrome Web Store IDVersion1.6.1Reported malicious buildSHA-256 hash20ba72e91d7685926c8c1c5b4646616fa9d769e32c1bc4e9f15dddaf3429cea7Package hash

Network and C2 IoCs

CategoryDomain / EndpointNotesC2 endpointdeepaichats[.]comReceives stolen chat data and URLsC2 endpointchatsaigpt[.]comAdditional C2 for exfiltrated dataLovable-hosted serverchataigpt[.]proUsed for privacy policy / infra hostingLovable-hosted serverchatgptsidebar[.]proUsed for uninstall redirect and infra

Source link

What's Hot

Investors trust Google more than Meta when comes to spending on AI

Paragon is not collaborating with Italian authorities probing spyware attacks, report says

Microsoft cuts OpenAI revenue share as their AI alliance loosens

Malicious Chrome Extension Steal ChatGPT and DeepSeek Conversations from 900K Users

Top 10 Best Server Monitoring Tools

10 Best Cybersecurity Risk Management Tools

Best DDoS Protection Tools & Services in 2026 (Reviewed)

20 Best Malware Protection Solutions In 2026

10 Most Notable Cyber Attacks of 2026

10 Critical Web Injection Attacks in 2026 (Risks & Mitigation)

Investors trust Google more than Meta when comes to spending on AI

Google launches training and inference TPUs in latest shot at Nvidia

Meta tracks employee usage on Google, LinkedIn AI training project

Meta will cut 10% of workforce as company pushes deeper into AI