Malicious Chrome Extensions Steal ChatGPT Conversations

OX Security discovered two malicious Chrome extensions impersonating the legitimate AITOPIA sidebar that exfiltrate ChatGPT and DeepSeek conversations and full browsing URLs to attacker-controlled servers every 30 minutes. One extension had over 600,000 users and retained a Google “Featured” badge while both sent stolen chat content and browsing data to C2 domains like deepaichats[.]com. #ChatGPT #DeepSeek

Keypoints

  • OX Security identified two malicious Chrome extensions impersonating AITOPIA that capture ChatGPT and DeepSeek conversation content plus all Chrome tab URLs and exfiltrate them to a remote C2 every 30 minutes.
  • The campaign includes “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” (≈600,000+ users, Featured badge) and “AI Sidebar with Deepseek, ChatGPT, Claude and more” (≈300,000+ users).
  • Malicious behavior is enabled by requesting consent for “anonymous, non-identifiable analytics” while generating a unique user ID (“gptChatId”), reading URLs and DOM chat elements, storing data locally, then sending batches to the attacker C2.
  • Attacker infrastructure uses Lovable-hosted pages (chataigpt[.]pro, chatgptsidebar[.]pro) and C2 endpoints (deepaichats[.]com, chatsaigpt[.]com) to obscure attribution.
  • Privacy policies misrepresent data collection (claiming no personal data collection or local-only storage) and reference AITOPIA to increase legitimacy; uninstalling one malicious extension redirects users to install the other.
  • Immediate remediation: remove the extensions (via the Chrome Web Store or chrome://extensions), avoid installing unknown extensions even if Featured, and note Google was notified 2025-12-29 and had the issue under review.

MITRE Techniques

Indicators of Compromise

  • [Extension] Malicious Chrome extensions – Chat GPT for Chrome with GPT-5 (ID: AIfnmihdojmnkclgjpcoonokmkhjpjechg), AI Sidebar with Deepseek (ID: inhcgfpbfdjbjogdfjbclgolkmhnooop)
  • [Extension Hash] Extension package hashes – 698d1f151872c27d0abae3887f7d6cb6e4ce29e99ad827cb077e1232bc4a69c00, 120ba72e91d7685926c8c1c5b4646616fa9d769e32c1bc4e9f15dddaf3429cea7
  • [C2 Domain] Command-and-control domains used to receive exfiltrated data – deepaichats[.]com, chatsaigpt[.]com
  • [Hosting Domain] Infrastructure / privacy-policy / uninstall-redirect hosting (Lovable) – chataigpt[.]pro, chatgptsidebar[.]pro
  • [Website] Related sites and referenced services – deepseek[.]ai, chatgptbuddy[.]com
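An added detection script (not from the OX Security report) that checks a Chrome profile directory for the extension IDs and C2 domains listed above. It assumes Chrome's `Preferences`/`Secure Preferences` JSON layout and an unpacked `Extensions` folder, refangs the defanged domains for matching, and uses the first extension ID exactly as printed on this page.

```python
"""Check a Chrome profile for the extension IDs and C2 domains from the OX Security report."""
import json
import pathlib
import re
import sys

# Indicators as printed on this page. The first ID is kept verbatim although it is not a
# well-formed Chrome extension ID (32 characters, a-p); a hit on it needs manual confirmation.
MALICIOUS_EXT_IDS = {
    "AIfnmihdojmnkclgjpcoonokmkhjpjechg": "Chat GPT for Chrome with GPT-5 (ID as printed)",
    "inhcgfpbfdjbjogdfjbclgolkmhnooop": "AI Sidebar with Deepseek, ChatGPT, Claude and more",
}
# Refanged from the report's defanged form (deepaichats[.]com etc.) so they match in source files.
C2_DOMAINS = ("deepaichats.com", "chatsaigpt.com", "chataigpt.pro", "chatgptsidebar.pro")
DOMAIN_RE = re.compile("|".join(re.escape(d) for d in C2_DOMAINS), re.IGNORECASE)

def installed_extension_ids(prefs_text: str) -> set:
    """Extension IDs recorded under extensions.settings in a Preferences JSON document."""
    prefs = json.loads(prefs_text)
    return set(prefs.get("extensions", {}).get("settings", {}))

def c2_domain_hits(source_text: str) -> set:
    """C2 domains referenced in extension JS/JSON/HTML text (case-insensitive)."""
    return {m.group(0).lower() for m in DOMAIN_RE.finditer(source_text)}

def scan_profile(profile_dir) -> dict:
    """Match installed IDs against the IoC list and grep unpacked extension files for C2 domains."""
    profile_dir = pathlib.Path(profile_dir)
    findings = {"known_ids": {}, "domain_refs": {}}
    for name in ("Preferences", "Secure Preferences"):  # Secure Preferences is used on Windows
        path = profile_dir / name
        if path.is_file():
            ids = installed_extension_ids(path.read_text(encoding="utf-8", errors="replace"))
            for ext_id in ids & MALICIOUS_EXT_IDS.keys():
                findings["known_ids"][ext_id] = MALICIOUS_EXT_IDS[ext_id]
    ext_root = profile_dir / "Extensions"
    if ext_root.is_dir():
        for f in ext_root.rglob("*"):
            if f.is_file() and f.suffix in (".js", ".json", ".html"):
                hits = c2_domain_hits(f.read_text(encoding="utf-8", errors="replace"))
                if hits:
                    findings["domain_refs"][str(f.relative_to(profile_dir))] = sorted(hits)
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. ~/.config/google-chrome/Default
        print(json.dumps(scan_profile(sys.argv[1]), indent=2))
    else:  # constructed sample Preferences snippet, not a real profile
        sample = '{"extensions": {"settings": {"inhcgfpbfdjbjogdfjbclgolkmhnooop": {}}}}'
        print(sorted(installed_extension_ids(sample) & MALICIOUS_EXT_IDS.keys()))
```

A match on an ID or a C2 domain is a trigger for removal and for checking proxy or DNS logs for the 30-minute beacon pattern described above.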

Read more: https://www.ox.security/blog/malicious-chrome-extensions-steal-chatgpt-deepseek-conversations/