This new malware campaign is stealing chat logs via Chrome extensions

AI agents in the workplace
(Image credit: Getty Images / champpixs)

  • Researchers warn of rising “prompt poaching,” where malicious extensions steal AI chatbot conversations
  • Two spoofed Chrome add-ons with ~900K users exfiltrated prompts and tab data every 30 minutes to C2 servers
  • Similar cases (e.g., Urban VPN Proxy) show even highly rated extensions on official stores can harvest chats, credentials, and payment data

A new malicious practice has emerged called “prompt poaching”: extensions, add-ons, and other apps eavesdrop on people’s conversations with AI chatbots and exfiltrate their prompts for various purposes.

It is becoming increasingly common, as researchers keep finding such extensions with hundreds of thousands of users.

Researchers from OX Security recently found two Chrome extensions with more than 900,000 users combined: “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” and “AI Sidebar with Deepseek, ChatGPT, Claude, and more”.

An increase in malicious extensions

Apparently, these two spoof a legitimate browser add-on called “Chat with all AI models (Gemini, Claude, DeepSeek…) & AI Agents” from AITOPIA, which has roughly a million users. The difference is that the two copies hide the fact that they grab people’s prompts behind “improvements to the sidebar experience.”

The extensions "were found exfiltrating user conversations and all Chrome tab URLs to a remote C2 server every 30 minutes," OX Security said in its writeup. "The malware adds malicious capabilities by requesting consent for 'anonymous, non-identifiable analytics data' while actually exfiltrating complete conversation content from ChatGPT and DeepSeek sessions."

Indeed, when installed, the extensions ask users for permission to collect anonymized browser behavior; if users accept, the extensions start harvesting the URLs of every open browser tab and the full content of their AI chat sessions, not the anonymized statistics the consent prompt describes.

We’re seeing more and more of these malicious extensions. In mid-December 2025, researchers discovered that Urban VPN Proxy, a tool with more than six million installations and a 4.7/5 rating on the Chrome Web Store, was harvesting AI chats. Numerous other extensions were seen stealing login credentials or payment data, and some even sent screenshots of infected devices to the attackers.

What makes the practice particularly worrying is that most of these extensions were found on reputable browser stores, where a high install count and a good rating are easily mistaken for a sign of trustworthiness.

Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
