zk23d agoMalicious Google Chrome extensions have stolen large language model (LLM) conversations and browser data from hundreds of thousands of users. Application security vendor Ox Security detailed a campaign in a recent research blog involving malicious Google Chrome extensions posing as legitimate extensions from a company called AItopia that adds a sidebar on websites that enables chats with popular LLMs like ChatGPT and DeepSeek. Ox researchers found that two extensions were copying the functionality of the legitimate app while also exfiltrating user conversation and browsing data to a command-and-control (C2) server. One, titled "ChatGPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI," had more than 600,000 users and a Google Chrome "Featured" badge, while the other, "AI Sidebar with Deepseek, ChatGPT, Claude and more," had over 300,000. Stay alert, the extensions according to 0x Security have been already removed, I would not be surprised if new ones are already in the store...
Replies (0)
No replies yet.