Executive Summary

Security researchers from OX Security have exposed a large-scale data theft operation affecting over 900,000 users of Google Chrome. The campaign utilized two malicious browser extensions, "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude and more," which masqueraded as legitimate AI tools. Once installed, these extensions would steal complete conversation transcripts from AI services like ChatGPT and DeepSeek, as well as general browsing data. All stolen information was exfiltrated to an attacker-controlled server, deepaichats[.]com. The incident highlights the growing risk of malicious browser extensions, especially as users increasingly adopt AI-related tools.

Threat Overview

The attack leveraged the trust users place in the official Chrome Web Store, with one of the malicious extensions even gaining a "Featured" badge, which likely boosted its installation numbers. The two extensions successfully impersonated a legitimate tool called AITOPIA, deceiving users into granting them broad permissions.

• Extension 1: "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" (600,000+ installations)
• Extension 2: "AI Sidebar with Deepseek, ChatGPT, Claude and more" (300,000+ installations)

The primary goal of the malware was to harvest data from popular AI chat platforms. As employees and individuals increasingly use these tools for work, the stolen data could include proprietary source code, confidential business strategies, marketing plans, and personally identifiable information (PII).

Technical Analysis

The core of the malware's operation was its permission request to "read and change all your data on all websites." Once granted, the extensions used this access to:

1. Inject Malicious Scripts: The extensions would inject scripts into web pages, specifically targeting AI chat application interfaces. (T1176 - Browser Extensions)
2. Scrape Content: The scripts would monitor the DOM (Document Object Model) of the AI chat pages in real-time, capturing the full text of both user prompts and AI responses.
3. Monitor Browsing Activity: Beyond AI chats, the extensions also logged all visited URLs and search queries, potentially capturing session tokens or other sensitive information passed in URLs.
4. Stage and Exfiltrate: The stolen data was stored locally within the browser's storage before being periodically exfiltrated every 30 minutes to a hardcoded command-and-control (C2) server at deepaichats[.]com. (T1041 - Exfiltration Over C2 Channel)

Impact Assessment

The compromise of over 900,000 users represents a significant data breach with far-reaching consequences:

• Corporate Espionage: Stolen business plans, financial data, and source code could be sold to competitors or used for extortion.
• Privacy Invasion: The theft of personal conversations and browsing history is a massive violation of user privacy.
• Credential Theft: While not the primary goal, the monitoring of all web traffic could lead to the capture of credentials or session cookies, enabling account takeovers.
• Supply Chain Risk: If developers were among the victims, stolen API keys or credentials from their conversations could lead to broader software supply chain attacks.

IOCs

Detection & Response

1. Extension Auditing: Organizations should use browser management tools or scripts to audit all installed extensions on corporate devices. Look for the two malicious extensions by name and remove them immediately.
2. Permission Review: Educate users to regularly review the permissions granted to their browser extensions. Extensions requesting to read data on all websites should be treated with extreme caution.
3. Network Monitoring: Monitor DNS logs and web proxy logs for any connections to the C2 domain deepaichats[.]com. Block this domain at the network perimeter. (D3-DNSDL: DNS Denylisting)
4. Credential Rotation: Users who had these extensions installed should be advised to change passwords for any sensitive accounts they accessed while the extensions were active, especially for their Google accounts.

Mitigation

1. Extension Allowlisting: For enterprise environments, implement a policy to only allow the installation of a pre-approved list of vetted browser extensions. (D3-EAL: Executable Allowlisting applied to extensions)
2. User Education: Train users on the dangers of browser extensions and how to spot red flags, such as requesting excessive permissions, impersonating popular apps, or having fake reviews.
3. Principle of Least Privilege: Encourage users to install only extensions that are essential for their work and to select tools that request the minimum necessary permissions.
4. Endpoint Security: Utilize EDR or other endpoint security solutions that have visibility into browser processes and can detect or block suspicious activities like data scraping and unauthorized network connections.