%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
Recently, the OX Security team issued a warning, pointing out that two malicious extensions disguised as legitimate AI tools were found in the Chrome Web Store, with over 900,000 downloads. These two extensions specifically target popular large models such as ChatGPT and DeepSeek to steal data, posing a serious threat to user privacy.
The two malicious extensions are named "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude and more". They claim to provide AI sidebar services, but in reality, they secretly steal data in the background without the user's knowledge. One of these extensions has been downloaded over 600,000 times and has received the "Featured" badge from the Google Chrome Store, leading many users to mistakenly believe it is a legitimate tool, thus falling into the trap.
The attackers used sophisticated methods by completely copying the functionality and interface of the legitimate extension "AITOPIA" to deceive users into downloading and using them. The malicious code was cleverly hidden behind the request for "collecting anonymous analytics data." Once the user agrees, the add-on can use high-level permissions to read all website content and capture users' chat records in real time.
More dangerously, these extensions not only steal AI chat records but also regularly send users' complete browser tab URLs, search keywords (including sensitive words), and URL parameters that may contain session tokens to a remote command and control (C2) server. This means that users' personal information, company internal structures, and even sensitive data could be exposed, causing serious security risks, and potentially being used for commercial espionage or phishing attacks.
Notably, these two extensions have now been removed, but their existence has undoubtedly served as a warning to many users. When downloading extensions, users should be more careful and ensure they come from trusted sources to avoid becoming the next victim.