Cybersecurity NewsArchived Jun 05, 2026✓ Full text saved
Millions of people now use AI platforms like ChatGPT, Claude, Copilot, Gemini, and DeepSeek every single day, sharing personal thoughts, work documents, and sensitive data without a second thought. That trust, it turns out, is being quietly exploited. A growing wave of malicious Google Chrome extensions is secretly harvesting those conversations and sending them off […] The post Malicious Browser Add-Ons Target ChatGPT, Claude, Copilot, Gemini, and DeepSeek Users appeared first on Cyber Security
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
Malicious Browser Add-Ons Target ChatGPT, Claude, Copilot, Gemini, and DeepSeek Users
By Tushar Subhra Dutta
June 5, 2026
Millions of people now use AI platforms like ChatGPT, Claude, Copilot, Gemini, and DeepSeek every single day, sharing personal thoughts, work documents, and sensitive data without a second thought.
That trust, it turns out, is being quietly exploited. A growing wave of malicious Google Chrome extensions is secretly harvesting those conversations and sending them off to unknown servers, all while pretending to help users get more out of their AI tools.
The scale of this problem is hard to ignore. As of March 2026, AI-related Chrome extensions had already accumulated roughly 115 million users worldwide, according to Chrome Statistics 2026.
That enormous user base makes these extensions an attractive target for threat actors looking to scoop up valuable data with little effort and even less visibility.
Analysts at G Data published a report shared with Cyber Security News (CSN) exposing three specific extensions: Urban VPN, Smart Sidebar: ChatGPT, Claude and DeepSeek, and AI Assistant, now rebranded as Chat AI.
These add-ons carried strong ratings and large user counts on the Chrome Web Store, giving them a false air of credibility while their true behavior lurked beneath the surface.
What makes this campaign dangerous is the type of information being put at risk. Users routinely share deeply personal details, confidential business data, and medical information with AI platforms.
Whoever intercepts these conversations gains access to material that can be weaponized for fraud, blackmail, or corporate espionage with alarming ease.
The method these extensions use is calculated and deliberate. They quietly inject scripts into the browser, intercept outgoing network requests, and siphon off conversation data before it reaches its intended destination. Victims rarely notice because the AI platforms continue to function exactly as expected.
Malicious Browser Add-Ons
Urban VPN is the most widely recognized name in this group. Marketed as a free, privacy-focused tool with a 4.7-star rating, version 5.10.3 contained a hidden JavaScript file called “content.js” that targeted conversations across eight AI platforms, including ChatGPT, Claude, Copilot, Gemini, and DeepSeek.
Data collection ran continuously in the background, regardless of whether the VPN was even switched on.
Urban VPN Chrome Web Store (Source – G Data)
The extension injected an executor script that intercepted network requests before they left the device, rerouting data through its own code.
Smart Sidebar took a similar approach: in version 1.9.6, it embedded a file called “aiResponder.js” inside a directory labeled “gptprocessor,” monitoring visits to ChatGPT and DeepSeek and capturing each chat interaction as it occurred.
Chat Collection from AI Platforms (Source – G Data)
Smart Sidebar’s collected data was encoded in Base64 and sent via a POST request to the domain “deepaichats[.]com,” already flagged by multiple security vendors on VirusTotal.
Creation of Executor Scripts for Web Injection (Source – G Data)
The encoded payload carried the unique chat ID, the AI platform visited, a timestamp, and the full conversation, forming a complete record of everything the user typed and received.
iFrame Injection and the Chat AI Threat
The third extension, AI Assistant, now called Chat AI, used a different but equally concerning approach. Despite holding a “Featured” badge from the Chrome Web Store and over 70,000 users, version 3.3.4 embedded a remotely loaded chat interface inside a hidden iframe.
It pulled user preferences from browser storage and forwarded that data to a newly registered, unverified external URL through a messaging system.
Smart Sidebar Chrome Web Store (Source – G Data)
This iframe injection allowed the extension to sit between the user and the AI platform, quietly observing everything passing through it. Because the interface looked and behaved like a real assistant, users had no reason to suspect anything was wrong.
G Data recommends installing extensions only from trusted, official sources. Applying the Principle of Least Privilege is also key, meaning extensions should only receive the minimum permissions they need for their intended function.
Users should regularly review installed add-ons and remove anything requesting access it does not need. In organizational settings, administrators should enforce group policies that restrict browser extensions from accessing sensitive platforms, including AI tools.
Indicators of Compromise (IoCs):-
Type Indicator Description
SHA256 524C953E23FF8B768206CF33A529C11AC5510E47CBF6246DB79EE671D1231716 Urban VPN malicious extension hash
Extension ID eppiocemhmnlbhjplcgkofciiegomcon Urban VPN Chrome Extension ID
Detection Script.Trojan-Stealer.AIStealer.08LJNB Urban VPN malware detection name
SHA256 C984787CCD787629542DA68302ED4CEB48FC7E458EAB1C15BF45C3070883D26A Smart Sidebar malicious extension hash
Extension ID fnmihdojmnkclgjpcoonokmkhjpjechg Smart Sidebar Chrome Extension ID
Detection Script.Trojan-Stealer.AIStealer.8HGRSW Smart Sidebar malware detection name
SHA256 F8CBE44FDE6914BC8D06426C03C92ED536C891470292E567A586B54AF29C2442 Chat AI (AI Assistant) malicious extension hash
Extension ID fnmihdojmnkclgjpcoonokmkhjpjechg Chat AI Chrome Extension ID
Detection Script.Trojan.AiFrame.703FYD Chat AI malware detection name
Domain deepaichats[.]com Exfiltration endpoint used by Smart Sidebar
URL hxxps://deepaichats[.]com/ext/aimodel POST request destination for stolen AI chat data
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Tushar Subhra Dutta
Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.
Trending News
Ransomware Uses SYSTEM Scheduled Task to Encrypt Local Drives With Elevated Privileges
JINX-0164 Threat Actor Using LinkedIn Social Engineering to Deploy Custom macOS Malware
Attackers Abuse Trusted Developer Tooling to Exfiltrate Source Code and Secrets
Cisco Unified Communications Manager Vulnerability Exposed Along With PoC Exploit Code
Critical Plesk Vulnerability Let Users Execute Arbitrary Commands on the Server
Latest News
Cyber Security News
Chinese APT VerdantBamboo Uses BRICKSTORM Malware to Compromise Firewalls and Appliances
Cyber Security News
VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore
Cyber Security News
Cisco SD-WAN Vulnerability Exploited in the Wild to Execute Arbitrary Commands as Root User
Cyber Security
Let’s Encrypt Unveils Merkle Tree Certificates to Secure the Web Against Quantum Threats
Cyber Security
Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code