Cybersecurity alert: 9,00,000 users hit by malicious AI extensions stealing ChatGPT chats

Mathrubhumi English 5 months ago

Two malicious Chrome extensions masquerading as AI assistant tools have stolen conversations with ChatGPT and DeepSeek from approximately 900,000 users, according to cybersecurity researchers who discovered the campaign on December 29, 2025.

OX Security uncovered the malware during routine threat analysis, finding that the extensions impersonated AITOPIA, a legitimate Chrome extension that provides an AI sidebar for interacting with multiple chatbots. The malicious versions not only replicated AITOPIA's functionality but also secretly exfiltrated sensitive chat data, browsing activity, and session tokens to attacker-controlled servers every 30 minutes.

Featured Extension Among Culprits

The two extensions identified in the campaign are "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" with 600,000 installs and "AI Sidebar with Deepseek, ChatGPT, Claude, and more" with 300,000 installs. Alarmingly, one of the malicious extensions carried Google's "Featured" badge, a designation meant to signal compliance with best security practices.

OX Security reported the extensions to Google on December 29, but as of December 30 both remained publicly available on the Chrome Web Store. The extensions obtained their broad permissions by presenting the access as needed for "anonymous, non-identifiable analytics," and then used it for wholesale surveillance of the user's browsing and chats.

The malware scraped chat content directly from the page's Document Object Model (DOM) whenever the user visited ChatGPT or DeepSeek. The stolen data, including visited URLs and potentially internal corporate information pasted into chats, was Base64-encoded (an encoding, not encryption, so it is trivially reversible and hides nothing from anyone inspecting the traffic) and sent to command-and-control servers at deepaichats[.]com and chatsaigpt[.]com.

Growing Threat Landscape

This incident follows a similar discovery earlier in December, when cybersecurity firm Koi Security revealed that several "free VPN" Chrome and Edge extensions with over 8 million downloads had been capturing AI chat conversations since July 2025. The Urban VPN Proxy extension, which also carried a "Featured" badge, intercepted conversations from ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok, and Meta AI.

Security researchers have increasingly warned about browser extensions as an unmanaged risk layer for enterprises. A 2025 Enterprise Browser Extension Security Report found that 99% of enterprise users have at least one browser extension installed, with 53% of those extensions having "high" or "critical" risk permissions. The report also noted that 51% of all extensions have not received updates in over a year.

Malicious extensions that abuse the automatic update mechanism are particularly hard to catch. Once an extension is installed, Chrome fetches and applies its updates silently; as long as an update does not request new permissions that trigger a warning, it installs without any user prompt, so an extension that was clean at install time can later be turned malicious. This tactic is known as a "sleeper agent" attack.

Disclaimer: This content has not been generated, created or edited by Dailyhunt. Publisher: Mathrubhumi English