Malicious Browser Extensions Steal ChatGPT, Claude, and Gemini Conversations
Millions of users are at risk as malicious Google Chrome extensions secretly harvest conversations from popular AI platforms like ChatGPT, Claude, Copilot, Gemini, and DeepSeek.
A significant threat has emerged targeting users of leading AI platforms, with malicious Google Chrome extensions actively harvesting sensitive conversations. Extensions such as Urban VPN, Smart Sidebar, and Chat AI, despite appearing legitimate and boasting high ratings, are secretly collecting user data, including personal and business information. This data is then transmitted to unknown servers, creating substantial risks of fraud, blackmail, and corporate espionage.
The scale of this threat is amplified by the widespread adoption of AI tools. As of March 2026, AI-related Chrome extensions had amassed approximately 115 million users globally, according to Chrome Statistics 2026. This vast user base presents an attractive target for threat actors seeking to acquire valuable data with minimal effort and detection.
Researchers at G Data exposed three specific extensions involved in this operation: Urban VPN, Smart Sidebar: ChatGPT, Claude and DeepSeek, and AI Assistant, now rebranded as Chat AI. These add-ons maintained strong ratings and large user counts on the Chrome Web Store, lending them a false sense of credibility while their malicious activities went unnoticed.
The danger lies in the nature of the information being compromised. Users frequently share deeply personal details, confidential business data, and sensitive medical information with AI platforms. Interception of these conversations grants attackers access to material that can be easily weaponized for malicious purposes.
The method employed by these extensions is sophisticated and deliberate. They inject scripts into the browser to intercept outgoing network requests, siphoning off conversation data before it reaches its intended destination. Users are unlikely to notice, as the AI platforms continue to function normally.
Urban VPN, a widely recognized name, was found to contain a hidden JavaScript file in version 5.10.3 that targeted conversations across eight AI platforms. The data collection ran continuously in the background, even when the VPN was not active. Similarly, Smart Sidebar (version 1.9.6) embedded a script that monitored and captured chat interactions with ChatGPT and DeepSeek, sending encoded data to the domain "deepaichats[.]com."
AI Assistant, now Chat AI, utilized a different tactic by embedding a remotely loaded chat interface within a hidden iframe. This allowed the extension to act as a silent observer between the user and the AI platform, capturing all transmitted data. The extension's legitimate appearance and functionality masked its data-harvesting capabilities.
Security experts recommend installing browser extensions only from trusted sources and adhering to the principle of least privilege, granting extensions only necessary permissions. Regular review and removal of unnecessary add-ons are crucial. For organizations, enforcing group policies to restrict extensions from accessing sensitive platforms, including AI tools, is advised.