Urban VPN Proxy Chrome Extension Harvests AI Chatbot Conversations
The Urban VPN Proxy Chrome extension, boasting over 6 million installs and a "Featured" badge on the Chrome Web Store, was discovered secretly collecting and exfiltrating user conversations with major AI chatbots, including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok, and Meta AI. Researchers found that a silent update in July 2025 (version 5.5.0) introduced hidden code that intercepts every prompt and response exchanged with these AI platforms, along with conversation identifiers, timestamps, and session metadata. The extension, which markets itself as a privacy and security tool, continued to harvest data regardless of whether the VPN service was active, betraying user trust and bypassing normal browser security boundaries.
Captured data was sent to Urban VPN’s servers and subsequently sold to marketing analytics firms, notably BiScience, a known data broker. The malicious behavior was enabled by script injection that overrode browser APIs such as fetch() and XMLHttpRequest(), ensuring all relevant traffic was intercepted. The extension’s widespread distribution and high user ratings, combined with its presence on both Chrome and Edge marketplaces, amplified the impact of this breach. The incident highlights the risks posed by browser extensions with privileged access and the potential for abuse even among highly rated and officially endorsed add-ons.
Related Entities
Threat Actors
Sources
2 more from sources like cso online and the hacker news
Related Stories
Urban VPN Proxy Harvests AI Chatbot Conversations and Sells Data
Urban VPN Proxy, a popular browser extension marketed as a free clientless VPN for Chrome, has been found to secretly collect and sell user conversations from major AI chatbot platforms to third-party data brokers. Security researchers at Koi Security revealed that since July, the extension has harvested every prompt and response from platforms including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok, and Meta AI, impacting approximately 8 million users. The data collection occurs regardless of whether the VPN feature is enabled, and users have no option to disable this surveillance except by uninstalling the extension. Additional extensions from the same publisher, such as 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker, also engage in similar data harvesting activities, despite carrying "Featured" badges in browser app stores, which typically indicate a level of trust and manual review. The exposure of this privacy violation highlights significant risks associated with browser extensions, especially those that interact with sensitive AI platforms. The incident underscores the need for stricter vetting of browser extensions and greater transparency regarding data collection practices. Users and organizations relying on browser-based AI tools should review installed extensions for potential privacy risks and consider removing those with questionable data handling practices, even if they appear reputable or highly rated in official app stores.
2 months ago
Malicious Chrome Extensions Steal ChatGPT and DeepSeek Conversations
Two rogue Chrome extensions, impersonating the legitimate AITOPIA AI sidebar tool, have compromised over 900,000 users by exfiltrating ChatGPT and DeepSeek conversations along with full browsing histories to attacker-controlled servers. The extensions, named "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude and more," request consent for "anonymous analytics" but covertly steal sensitive data, including proprietary code, business strategies, PII, and internal URLs. The malware operates by monitoring browser tabs, scraping chat content and session IDs, and sending Base64-encoded data to C2 servers every 30 minutes, exposing users to risks such as espionage, identity theft, and phishing. Researchers from OX Security discovered the threat, noting that the extensions remain available on the Chrome Web Store, with one losing its "Featured" badge after disclosure. The extensions also redirect users to each other if uninstalled, and their privacy policies are hosted on third-party sites to obscure their origins. The incident highlights the growing trend of browser extensions being used to capture AI chatbot conversations, a tactic dubbed "Prompt Poaching," and underscores the need for vigilance when installing browser add-ons, especially those requesting broad permissions under the guise of analytics or enhanced user experience.
2 months ago
Abuse of AI Chat and Summarization Features to Exfiltrate or Manipulate User Data
Security reporting warned that **browser extensions** (including free add-ons marketed for ad blocking or VPN functionality) may be overriding browser `XMLHttpRequest()` and `fetch()` calls to capture and monetize users’ full conversations with popular AI chatbots (e.g., *ChatGPT*, *Claude*, *Gemini*, *DeepSeek*). An AI expert reported the captured content was stored in a searchable database and sold via **API access**; while users were assigned pseudonymized IDs, the prompts and responses were retained in full and frequently contained highly sensitive data, including medical details, immigration status, and other personal identifiers—raising significant privacy, compliance, and data-handling risk, particularly where healthcare staff paste real patient data into chat tools. Separately, Microsoft reported a manipulation technique targeting “**Summarize with AI**” features where companies embed **hidden prompt-injection instructions** in URLs or page elements so that, when a user clicks to summarize, the AI assistant is prompted to “remember” a company as trusted or preferentially recommend it in the future. Microsoft identified **50+ unique prompts from 31 companies across 14 industries**, noting that readily available tooling makes this easy to deploy and that the impact can be subtle, persistent bias in AI recommendations on high-stakes topics (including security) without user awareness.
1 weeks ago