Two rogue Chrome extensions have compromised over 900,000 users by secretly exfiltrating ChatGPT and DeepSeek conversations, along with full browsing histories, to attacker servers.
Discovered by OX Security researchers, the malware impersonates the legitimate AITOPIA AI sidebar tool, with one fake even earning Google’s “Featured” badge.
The OX Research team identified the threat during routine analysis, revealing extensions that clone AITOPIA’s interface for chatting with LLMs like GPT and Claude.
Named “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” (600K+ users, ID: fnmihdojmnkclgjpcoonokmkhjpjechg, version 1.9.6) and “AI Sidebar with Deepseek, ChatGPT, Claude and more” (300K+ users, ID: inhcgfpbfdjbjogdfjbclgolkmhnooop), they request “anonymous analytics” consent to mask data theft.
Threat actors host privacy policies on Lovable.dev to obscure origins, and uninstalled extensions redirect to the other.
How the Malware Operates
Installed extensions monitor tabs via chrome.tabs.onUpdated API, generating a unique “gptChatId” per victim. On detecting chatgpt.com or deepseek.com URLs, they scrape DOM elements for prompts, responses, and session IDs, storing data locally before Base64-encoding and sending batches to C2 servers like deepaichats.com or chatsaigpt.com every 30 minutes.
This captures proprietary code, business strategies, PII, search queries, and internal URLs missed by AITOPIA’s disclosed server storage.
Stolen chats risk exposing intellectual property, corporate secrets, and personal data for espionage or sale on dark web forums. Browsing logs reveals habits, tokens, and org structures, enabling phishing or identity theft across affected enterprises.
As of January 7, 2026, both extensions remain downloadable, with the first stripped of its “Featured” status post-disclosure but updated as recently as October 2025.
Users should visit chrome://extensions, remove by ID, or use store pages: ChatGPT extension, AI Sidebar. Avoid unverified extensions regardless of badges; stick to reputable sources.
IoCs
| Type | Value | Notes |
|---|---|---|
| Extension name | Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI | Malicious AI sidebar-style extension |
| Extension ID | fnmihdojmnkclgjpcoonokmkhjpjechg | Chrome Web Store ID |
| Version | 1.9.6 | Reported malicious build |
| SHA-256 hash | 98d1f151872c27d0abae3887f7d6cb6e4ce29e99ad827cb077e1232bc4a69c00 | Package hash |
| Extension name | AI Sidebar with Deepseek, ChatGPT, Claude and more | Second malicious extension |
| Extension ID | inhcgfpbfdjbjogdfjbclgolkmhnooop | Chrome Web Store ID |
| Version | 1.6.1 | Reported malicious build |
| SHA-256 hash | 20ba72e91d7685926c8c1c5b4646616fa9d769e32c1bc4e9f15dddaf3429cea7 | Package hash |
Network and C2 IoCs
| Category | Domain / Endpoint | Notes |
|---|---|---|
| C2 endpoint | deepaichats[.]com | Receives stolen chat data and URLs |
| C2 endpoint | chatsaigpt[.]com | Additional C2 for exfiltrated data |
| Lovable-hosted server | chataigpt[.]pro | Used for privacy policy / infra hosting |
| Lovable-hosted server | chatgptsidebar[.]pro | Used for uninstall redirect and infra |
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
