Malicious Chrome Extensions Mimicking ChatGPT and DeepSeek Compromise User Privacy

Cybersecurity researchers have uncovered two malicious Chrome extensions designed to impersonate popular AI tools, ChatGPT and DeepSeek. These extensions, which amassed over one million installations, surreptitiously recorded users' conversations with these AI platforms without consent. While specific technical details such as the exact names of the extensions or indicators of compromise are not disclosed in the source, the primary concern is the significant privacy violation. The extensions targeted Chrome browsers, collecting sensitive chat data that could include proprietary information, personal details, or confidential discussions. This incident underscores the growing threat of malicious browser extensions, which often exploit users' trust in popular platforms to conduct surveillance or data exfiltration. For cybersecurity professionals, this highlights the critical need for rigorous vetting of browser extensions, even those that appear legitimate. Organizations should enforce policies that restrict the installation of unverified extensions and educate users on the risks of installing third-party browser add-ons. Additionally, this case serves as a reminder of the importance of monitoring for unusual data transmissions from endpoints, as malicious extensions can operate covertly. The broader implication is the escalating use of AI-themed lures in cyberattacks, as threat actors capitalize on the widespread adoption of AI tools to distribute malware. As the cybersecurity landscape evolves, professionals must remain vigilant against social engineering tactics that exploit emerging technologies.