Over 900,000 Chrome users have been compromised by two malicious extensions that secretly exfiltrate ChatGPT and DeepSeek conversations to attacker-controlled servers.
Security researchers discovered the extensions impersonating the legitimate AITOPIA AI sidebar tool, with one rogue extension even earning Google’s “Featured” badge despite containing data-stealing malware.

Extensions Steal Conversations Every 30 Minutes
The two malicious extensions, “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” (600,000+ users) and “AI Sidebar with Deepseek, ChatGPT, Claude and more” (300,000+ users), clone AITOPIA’s functionality while adding hidden data exfiltration capabilities.
The malware monitors browsing activity with broad “read all website content” permissions, extracting user prompts and AI responses in real time when victims visit ChatGPT or DeepSeek platforms.
Stolen data is stored locally before being transmitted to the command-and-control server deepaichats[.]com every 30 minutes.
The exfiltrated information includes complete AI conversation content containing proprietary source code, business strategies, personally identifiable information, and confidential corporate communications.

Additionally, the extensions capture complete URLs from all Chrome tabs, search queries, and URL parameters that may contain session tokens and authentication data.
The attackers deceive users by requesting consent for “anonymous, non-identifiable analytics data” while actually stealing complete conversation content.
To anonymize their infrastructure, threat actors abuse Lovable, an AI-powered web development platform, to host privacy policies and redirection pages, making it difficult for researchers to trace the campaign’s origins.
When one extension is uninstalled, it automatically opens the other malicious extension in a new tab, tricking users into installing the alternative.

OX Security reported both extensions to Google on December 29, 2025. As of December 30, Google had acknowledged that the report was under review.
However, both extensions remain active on the Chrome Web Store, with the first extension still displaying its “Featured” badge.
Affected users should immediately remove the extensions by visiting chrome://extensions/ or navigating directly to the Chrome Web Store extension pages.
Organizations whose employees installed these extensions may have unknowingly exposed intellectual property, customer data, and confidential business information to threat actors.
IoC
| Name | Extension ID | Version | Hash |
| --- | --- | --- | --- |
| Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI | fnmihdojmnkclgjpcoonokmkhjpjechg | 1.9.6 | 98d1f151872c27d0abae3887f7d6cb6e4ce29e99ad827cb077e1232bc4a69c00 |
| AI Sidebar with Deepseek, ChatGPT, Claude and more. | inhcgfpbfdjbjogdfjbclgolkmhnooop | 1.6.1 | 20ba72e91d7685926c8c1c5b4646616fa9d769e32c1bc4e9f15dddaf3429cea7 |
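
A local check for the two extension IDs in the IoC table, as an added example that is not part of the original report. It assumes stock Chrome "User Data" locations and that store-installed extensions are unpacked under `<profile>/Extensions/<id>/<version>_N/`; the function and variable names are illustrative.

```python
"""Added example: scan Chrome profiles for the extension IDs in the IoC table."""
import json
from pathlib import Path

# Extension IDs and names copied from the IoC table above.
IOC_EXTENSIONS = {
    "fnmihdojmnkclgjpcoonokmkhjpjechg": "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI",
    "inhcgfpbfdjbjogdfjbclgolkmhnooop": "AI Sidebar with Deepseek, ChatGPT, Claude and more",
}

# Assumption: default install locations, no custom --user-data-dir.
DEFAULT_USER_DATA_DIRS = [
    Path.home() / ".config/google-chrome",                      # Linux
    Path.home() / "Library/Application Support/Google/Chrome",  # macOS
    Path.home() / "AppData/Local/Google/Chrome/User Data",      # Windows
]

def find_ioc_extensions(user_data_dir):
    """Return one finding per installed version of a listed extension, in any profile."""
    findings = []
    root = Path(user_data_dir)
    # Match on extension ID only: any version of a listed ID is worth flagging.
    for ext_dir in sorted(root.glob("*/Extensions/*")):
        if ext_dir.name not in IOC_EXTENSIONS or not ext_dir.is_dir():
            continue
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            version = version_dir.name.split("_")[0]  # fallback: directory name
            try:
                text = (version_dir / "manifest.json").read_text(encoding="utf-8-sig")
                version = str(json.loads(text)["version"])
            except (OSError, ValueError, KeyError, TypeError):
                pass  # missing or malformed manifest: keep the fallback
            findings.append({
                "profile": ext_dir.parent.parent.name,
                "extension_id": ext_dir.name,
                "name": IOC_EXTENSIONS[ext_dir.name],
                "version": version,
            })
    return findings

if __name__ == "__main__":
    for base in DEFAULT_USER_DATA_DIRS:
        for hit in find_ioc_extensions(base):
            print(f"[!] {base}: {hit}")
```

A hit means the extension is on disk for that profile; the conversations and tab URLs from that browser should be treated as exposed.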
