TL;DR: Two Chrome extensions with 900,000 combined users were caught stealing every ChatGPT and DeepSeek conversation, exfiltrating data to attacker-controlled servers every 30 minutes. The extensions ("Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude and more") impersonated a legitimate AI tool. One had a "Featured" badge from Google. They've been removed from the Chrome Web Store, but if you installed them, they're still on your machine. Your prompts, your AI responses, your browsing history: all captured and shipped off.
Your AI Assistant Was Spying on You
Security researcher Moshe Siman Tov Bustan from OX Security discovered two Chrome extensions that looked like helpful AI tools but were actually surveillance malware.[1]
The extensions promised to integrate ChatGPT, Claude, and DeepSeek into your browser. What they actually did: scrape every conversation you had with those AI services and send the data to attacker-controlled servers.
Every 30 minutes, the malware would:
- Extract conversation content directly from the webpage DOM
- Capture all Chrome tab URLs you visited
- Package everything up and ship it to command-and-control servers
The technique is called "Prompt Poaching," a term coined by Secure Annex researcher John Tuckner.[2]
The Malicious Extensions
Extension #1
Name: Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI
ID: fnmihdojmnkclgjpcoonokmkhjpjechg
Users: 600,000
Status: Had a "Featured" badge from Google
Extension #2
Name: AI Sidebar with Deepseek, ChatGPT, Claude and more
ID: inhcgfpbfdjbjogdfjbclgolkmhnooop
Users: 300,000
Status: Impersonated the legitimate AITOPIA extension
Both extensions impersonated AITOPIA, a legitimate AI browser tool. They copied the branding, copied the functionality, and added surveillance on top.[1]
What Got Captured
OX Security's analysis found the malware was harvesting:[1]
- Full conversation content: Every prompt you typed, every AI response you received
- Session metadata: Timestamps, session tokens, account identifiers
- Browsing history: Every Chrome tab URL you opened
- Usage patterns: When you use AI tools, how you use them
The stolen data went to attacker-controlled domains: chatsaigpt[.]com, deepaichats[.]com, chataigpt[.]pro, and chatgptsidebar[.]pro.[1]
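For teams with proxy or DNS logs, the domains above and the 30-minute upload cycle can be turned into a simple hunt. The following is an added example, not code from OX Security or the original article; the log format, client addresses, the `api.` subdomain and the lookalike host are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

def refang(domain: str) -> str:
    return domain.replace("[.]", ".")

# Destination domains named in the article, stored defanged.
IOC_DOMAINS = {refang(d) for d in ("chatsaigpt[.]com", "deepaichats[.]com",
                                   "chataigpt[.]pro", "chatgptsidebar[.]pro")}
C2_A, C2_B = refang("chatsaigpt[.]com"), refang("chatgptsidebar[.]pro")

# Constructed sample log; assumed format "<ISO time> <client IP> <dest host>".
# The "api." subdomain and the "not" lookalike are invented for the example.
SAMPLE_LOG = f"""\
2026-01-05T09:00:04 10.0.0.21 api.{C2_A}
2026-01-05T09:01:10 10.0.0.21 chatgpt.com
2026-01-05T09:30:06 10.0.0.21 api.{C2_A}
2026-01-05T09:45:00 10.0.0.34 not{C2_A}
2026-01-05T10:00:03 10.0.0.21 api.{C2_A}
2026-01-05T10:12:40 10.0.0.55 {C2_B}
"""

def matches_ioc(host: str) -> bool:
    """True for a listed domain or its subdomains, not for lookalike suffixes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

def find_beacons(log: str, period_s: int = 1800, tolerance_s: int = 120) -> dict:
    """Map each client that reached a listed domain to 'beacon' or 'contact'."""
    hits = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and matches_ioc(parts[2]):
            try:
                when = datetime.fromisoformat(parts[0])
            except ValueError:
                continue  # skip lines with an unparseable timestamp
            hits[parts[1]].append(when)
    verdicts = {}
    for client, times in hits.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # A gap near the article's 30-minute cycle marks scheduled exfiltration.
        regular = any(abs(g - period_s) <= tolerance_s for g in gaps)
        verdicts[client] = "beacon" if regular else "contact"
    return verdicts

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

A `contact` verdict still warrants checking that machine's extensions; `beacon` only adds confidence that the traffic is the scheduled upload rather than a one-off visit.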
Why This Is Worse Than a Regular Breach
People tell AI assistants things they don't tell anyone else.
Work emails they need help drafting. Code they're debugging. Legal questions. Medical concerns. Relationship advice. Financial planning. Business strategies.
"This data can be weaponized for corporate espionage, identity theft, targeted phishing campaigns, or sold on underground forums," OX Security wrote in their analysis.[1]
If your company uses ChatGPT and any employee installed these extensions, your intellectual property, customer data, and confidential business information may have been captured.
Every question asked. Every document summarized. Every code snippet debugged. Sent to criminals every 30 minutes for months.
How Malware Gets a "Featured" Badge
Google's Chrome Web Store has a review process. It combines automated and manual checks. It's supposed to catch exactly this kind of malware.
It didn't.
One of these extensions had a "Featured" badge, Google's stamp of approval that signals an extension is "a great experience that follows our technical best practices."[3]
600,000 people installed an extension Google personally vouched for. That extension was stealing their AI conversations.
Google has removed both extensions, but the damage is done. And if you already installed them, they're still on your machine until you manually remove them.
What You Should Do Right Now
Check Your Extensions
Go to chrome://extensions and look for these extension IDs: fnmihdojmnkclgjpcoonokmkhjpjechg or inhcgfpbfdjbjogdfjbclgolkmhnooop. If you find them, remove them immediately.
Audit All AI Extensions
Any extension that promises AI assistant features could be doing this. Check reviews, verify publisher identity, be skeptical of copycats.
Rotate Credentials
If you used ChatGPT or DeepSeek with these extensions installed, change those account passwords. The malware captured session tokens.
Assume Exposure
Whatever you discussed with AI while these extensions were installed, assume it's been captured. Act accordingly.
Additional steps:
- Review extension permissions: Extensions that can "read and change all your data on all websites" can do exactly what these did
- Use AI tools in incognito: Extensions don't run in incognito mode by default
- Consider official apps: ChatGPT has desktop apps that don't rely on browser extensions
- Notify your employer: If you used work AI accounts with these installed, your IT team needs to know
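The "Check Your Extensions" and "Review extension permissions" steps can be scripted across every Chrome profile on a machine. This is an added example, not code from the original article; it assumes Chrome's default user-data locations and the on-disk layout `<profile>/Extensions/<id>/<version>/manifest.json`.

```python
import json
from pathlib import Path

# Extension IDs listed in the article.
MALICIOUS_IDS = {"fnmihdojmnkclgjpcoonokmkhjpjechg",
                 "inhcgfpbfdjbjogdfjbclgolkmhnooop"}
# Match patterns that grant access to every site, AI chat tabs included.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Default Chrome user-data directories (assumed: stable channel, default paths).
DEFAULT_ROOTS = [
    Path.home() / ".config/google-chrome",                       # Linux
    Path.home() / "Library/Application Support/Google/Chrome",   # macOS
    Path.home() / "AppData/Local/Google/Chrome/User Data",       # Windows
]

def broad_hosts(manifest: dict) -> set:
    """Return the all-sites match patterns a manifest requests."""
    wanted = list(manifest.get("permissions", []))        # Manifest V2 hosts
    wanted += manifest.get("host_permissions", [])        # Manifest V3 hosts
    for script in manifest.get("content_scripts", []):
        wanted += script.get("matches", [])
    return {p for p in wanted if isinstance(p, str)} & BROAD_HOSTS

def audit(root: Path) -> list:
    """Return (profile, extension_id, version, verdict) for each finding."""
    findings = []
    # Layout: <root>/<profile>/Extensions/<id>/<version>/manifest.json
    for mf in sorted(root.glob("*/Extensions/*/*/manifest.json")):
        profile, ext_id, version = mf.parts[-5], mf.parts[-3], mf.parts[-2]
        if ext_id in MALICIOUS_IDS:
            findings.append((profile, ext_id, version, "KNOWN-MALICIOUS"))
            continue
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: nothing to assess
        if broad_hosts(manifest):
            findings.append((profile, ext_id, version, "broad-host-access"))
    return findings

if __name__ == "__main__":
    for root in filter(Path.is_dir, DEFAULT_ROOTS):
        for finding in audit(root):
            print(*finding, sep="\t")
```

A `broad-host-access` row is a prompt for review, not a verdict: many legitimate extensions request all-site access, but it is the same access these two relied on to read conversation pages.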
This Keeps Happening
In December 2025, a separate Chrome extension originally meant for privacy protection shipped a malicious update that started capturing conversations from eight AI platforms: ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek, Grok, and Meta AI.[2]
The attack vector is simple: people want convenient AI tools. Chrome extensions provide that convenience. And once installed, an extension can watch everything you do in your browser.
Google can remove malicious extensions after discovery. But discovery usually happens after hundreds of thousands of people have already been compromised.