Malicious ChatGPT Ad Blocker Chrome Extension Stole User Conversations
Researchers reported that a fake Chrome extension called "ChatGPT Ad Blocker" posed as a tool to remove ads from ChatGPT while secretly harvesting users' prompts and responses. The extension reportedly cloned the ChatGPT page DOM, extracted conversation text, and exfiltrated chats longer than 150 characters to a private Discord channel using a bot identified as Captain Hook, turning a supposed privacy tool into a straightforward data-theft mechanism.
The campaign appears to have capitalized on interest around ChatGPT advertising by luring users with bogus ad-blocking functionality. DomainTools linked the operation to suspicious domains including blockaiads.com, openadblock.com, and gptadblock.com, and found the extension checked a GitHub-hosted file hourly for remote instructions, suggesting active attacker control and the ability to update behavior over time. The developer account was reportedly tied to the handle krittinkalra and associated with AI platforms Writecream and AI4ChatCo, although no evidence was cited that those other apps also stole data.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Technical analysis reveals Discord exfiltration and remote control behavior
Further reporting described how the extension sent conversations longer than 150 characters to a Discord bot named Captain Hook and checked a GitHub file hourly for remote instructions. Researchers also tied the extension to a developer account using the handle "krittinkalra" and warned users to avoid third-party tools associated with that developer.
Malicious 'ChatGPT Ad Blocker' extension campaign identified
DomainTools Investigations identified a malicious Chrome extension called "ChatGPT Ad Blocker" that impersonated an ad-blocking tool for ChatGPT while covertly stealing users' conversations. The extension cloned ChatGPT page content and exfiltrated prompts and responses to a private Discord channel, with infrastructure linked to domains such as blockaiads.com, openadblock.com, and gptadblock.com.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Malicious Chrome extension steals ChatGPT conversations | brief | SC Media
scworld.com
Open sourceFake ChatGPT Ad Blocker Chrome Extension Caught Spying on Users
hackread.com
Open sourceSecuritySnack - OpenAI Anti-Ads Malware - Infosec.Pub
infosec.pub
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Malicious Chrome Extensions Stole Conversations From ChatGPT, Claude, Gemini, and DeepSeek
Researchers reported that several AI-themed browser extensions in official marketplaces covertly harvested user conversations from generative AI services including **ChatGPT, Claude, Copilot, Gemini, and DeepSeek**. G Data identified **Urban VPN**, **Smart Sidebar: ChatGPT, Claude and DeepSeek**, and **AI Assistant/Chat AI** as examples that remained outwardly functional while injecting scripts, intercepting requests, tampering with page content, or using hidden iframes to capture prompts and responses from visited AI sites. Investigators said the stolen data included conversation IDs, hostnames, timestamps, and full chat histories, with some payloads encoded in Base64 and sent to external servers. The extensions reportedly had strong ratings, large user bases, and in one case a Chrome Web Store **Featured** badge, underscoring how official store vetting can miss dynamic malicious behavior such as remote iframe communications; researchers warned that AI-focused extensions now expose a broad attack surface and urged enterprises to enforce strict extension allow-listing, minimize permissions, and remove unnecessary add-ons from systems accessing sensitive AI platforms.
Jun 15, 2026
Malicious Chrome Extensions Steal ChatGPT and DeepSeek Conversations
Two rogue Chrome extensions, impersonating the legitimate AITOPIA AI sidebar tool, have compromised over 900,000 users by exfiltrating ChatGPT and DeepSeek conversations along with full browsing histories to attacker-controlled servers. The extensions, named "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude and more," request consent for "anonymous analytics" but covertly steal sensitive data, including proprietary code, business strategies, PII, and internal URLs. The malware operates by monitoring browser tabs, scraping chat content and session IDs, and sending Base64-encoded data to C2 servers every 30 minutes, exposing users to risks such as espionage, identity theft, and phishing. Researchers from OX Security discovered the threat, noting that the extensions remain available on the Chrome Web Store, with one losing its "Featured" badge after disclosure. The extensions also redirect users to each other if uninstalled, and their privacy policies are hosted on third-party sites to obscure their origins. The incident highlights the growing trend of browser extensions being used to capture AI chatbot conversations, a tactic dubbed "Prompt Poaching," and underscores the need for vigilance when installing browser add-ons, especially those requesting broad permissions under the guise of analytics or enhanced user experience.
Mar 21, 2026
Malicious Chrome Extensions Used for Credential Theft and Website Spoofing
Security researchers reported a surge in **malicious Chrome extensions** abusing high-privilege browser permissions to steal credentials and hijack authenticated sessions. LayerX identified at least **16 ChatGPT-related extensions** that mimic legitimate productivity tools and brands, then inject scripts into `chatgpt.com` to monitor outbound web requests and **exfiltrate authorization details and session tokens** to attacker-controlled infrastructure. With stolen tokens, attackers can impersonate victims’ ChatGPT sessions and potentially access connected data sources (e.g., integrations with *Slack* and *GitHub*), expanding impact beyond the AI service itself. Separately, Varonis documented a **malware-as-a-service** browser-extension toolkit dubbed **Stanley** being sold on Russian-language cybercrime forums, marketed to enable large-scale credential theft by **showing a phishing site while the URL bar continues to display the legitimate domain**. The toolkit uses a web-based control panel to configure per-victim “source” (legitimate) and “target” (phishing) URLs, then overlays a full-screen iframe to spoof the destination site; the seller also claims “guaranteed” placement in the **Chrome Web Store**, increasing the likelihood of user installation and enterprise exposure.
Mar 21, 2026