EXECUTIVE SUMMARY:
A malicious browser extension campaign has been observed targeting users of popular AI platforms by disguising itself as legitimate productivity, VPN, and AI-assistant tools. These extensions present themselves as helpful utilities designed to enhance browsing, automate tasks, or improve interactions with AI services. However, behind their advertised functionality, they covertly monitor and harvest conversations exchanged with widely used AI platforms, creating significant privacy and security risks for individuals and organizations that rely on AI assistants for sensitive discussions and business operations.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
A malicious browser extension campaign has been observed targeting users of popular AI platforms by disguising itself as legitimate productivity, VPN, and AI-assistant tools. These extensions present themselves as helpful utilities designed to enhance browsing, automate tasks, or improve interactions with AI services. However, behind their advertised functionality, they covertly monitor and harvest conversations exchanged with widely used AI platforms, creating significant privacy and security risks for individuals and organizations that rely on AI assistants for sensitive discussions and business operations.[emaillocker id="1283"]
The malicious add-ons operate by identifying visits to popular AI services and injecting scripts into browser sessions. These scripts intercept prompts, responses, and related communication data before they are transmitted between users and AI platforms. The extensions target multiple AI services, including ChatGPT, Claude, Gemini, Copilot, DeepSeek, Grok, Perplexity, and Meta AI. Some extensions continue collecting data regardless of whether their advertised features are actively enabled. By modifying browser network requests and routing communications through extension-controlled code, the operators gain visibility into user interactions and can exfiltrate sensitive information to external servers. Several extensions were found masquerading as trusted productivity or privacy tools, leveraging high user ratings and large installation counts to build credibility while secretly conducting surveillance activities.
This activity highlights the growing risk posed by browser extensions operating within AI ecosystems. Organizations and individuals should carefully evaluate extension permissions, limit the installation of unnecessary browser add-ons, and regularly review installed extensions for suspicious behavior. Since AI conversations often contain valuable personal and corporate information, malicious extensions capable of intercepting these interactions can become an effective channel for data theft, surveillance, and potential downstream cyberattacks.
THREAT PROFILE:
| Tactic | Technique Id | Technique | Sub-technique |
| Resource Development | T1583.006 | Acquire Infrastructure | Web Services |
| Initial Access | T1189 | Drive-by Compromise | - |
| T1199 | Trusted Relationship | - | |
| Execution | T1059.007 | Command and Scripting Interpreter | JavaScript |
| Stealth | T1036.005 | Masquerading | Match Legitimate Resource Name or Location |
| Credential Access | T1557.001 | Adversary-in-the-Middle | Name Resolution Poisoning and SMB Relay |
| Command and Control | T1102.001 | Web Service | Dead Drop Resolver |
| T1071.001 | Application Layer Protocol | Web Protocols | |
| Exfiltration | T1041 | Exfiltration Over C2 Channel | - |
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/malicious-browser-add-ons-target-chatgpt/
https://blog.gdatasoftware.com/2026/06/38428-browser-addons-spy-on-ai-chats
[/emaillocker]