Home World USA Latin America Europe Asia Africa TV Shows Showbiz Travel Lifestyle Opinion Science Politics Health Sports Tech Entertainment Business
Tech January 9, 2026

YOUR AI SECRETS ARE BEING SOLD! Chrome Extensions EXPOSED.

YOUR AI SECRETS ARE BEING SOLD! Chrome Extensions EXPOSED.

A chilling discovery has revealed that malicious actors are exploiting the Chrome Web Store, disguising dangerous extensions as helpful tools. These imposters, designed to appear as convenient interfaces for interacting with AI chatbots like ChatGPT and DeepSeek, are secretly stealing user data and delivering it directly to criminals.

Two extensions, “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” and “AI Sidebar with Deepseek, ChatGPT, Claude and more,” initially appeared legitimate. One even boasted a “Featured” badge and over 600,000 users, while the other was “Verified” with 300,000 downloads. This deceptive facade masked a sinister purpose: the systematic theft of sensitive information.

The compromised extensions aren’t simply offering chatbot access; they’re meticulously recording every conversation you have with AI, along with your browsing history, search queries, and even crucial authentication data. This treasure trove of personal information can be weaponized for identity theft, sophisticated phishing attacks, and even corporate espionage.

Researchers at Ox Security uncovered that the malicious code cleverly hides within a request for “anonymous, non-identifiable analytics data.” This seemingly harmless request provides a backdoor for the attackers to siphon off valuable data, utilizing a web development platform called Lovable to obscure their operations and evade detection.

The deception doesn’t end with data theft. If a user attempts to remove one of these malicious extensions, the other automatically opens in a new tab, desperately trying to trick the user into installing it instead – a blatant attempt to maintain its foothold on the system.

Protecting yourself requires immediate action. Navigate to chrome://extensions/ in your Chrome browser and meticulously scan your installed extensions for these specific names. If found, remove them without hesitation. While these particular extensions have since been removed from the Chrome Web Store, the threat remains.

This incident underscores a disturbing trend: malicious extensions are increasingly adept at bypassing security measures, even earning trusted badges like “Featured” and “Verified.” Attackers are playing a long game, sometimes converting seemingly harmless extensions into malware years after their initial launch.

Blindly trusting ratings and reviews is no longer sufficient. Carefully scrutinize extension descriptions for misspellings or inconsistencies. Investigate the developer’s reputation and search online forums like Reddit for any reports of malicious activity. A seemingly minor detail could be a critical warning sign.

Regularly auditing your installed extensions is paramount. Remove any extensions you no longer need or recognize. The fewer extensions you have, the smaller your attack surface and the less vulnerable you become. Your digital security depends on vigilance and proactive measures.

The ease with which these malicious extensions infiltrated the Chrome Web Store serves as a stark reminder: the digital landscape is fraught with hidden dangers, and constant awareness is your strongest defense.

Share this article

UMVA MAG

UMVA Mag is your trusted source for breaking news, in-depth analysis, and compelling stories from around the world. Covering politics, business, technology, entertainment, sports, health, science, and more — we deliver journalism that matters.

Independent, Accurate, Unbiased
24/7 Breaking News Coverage
Trusted by Millions Worldwide