Malicious Chrome Extension “ChatGPT Ad Blocker” Targets Users, Steals Conversations

Security researchers have exposed a malicious Google Chrome extension dubbed “ChatGPT Ad Blocker,” which stealthily pilfers private AI dialogues.

The malware cleverly masquerades as a beneficial tool, leveraging OpenAI’s recent rollout of advertisements for free-tier users. Contrary to its promises, the extension harvests user prompts, chat histories, and metadata rather than blocking ads.

How the Malware Operates

Its technical execution involves remote manipulation and covert data extraction. Upon installation, the extension immediately establishes a persistent background alarm mechanism.

Malicious Chrome Extension (Source: domaintools )
Malicious Chrome Extension (Source: domaintools )

This alarm triggers every 60 minutes to retrieve a configuration file from a GitHub repository. By dynamically updating this file, the attacker can silently modify the extension’s behavior without triggering user suspicion.

Email Domain (Source: domaintools )

When a victim accesses the ChatGPT interface, the extension injects a hidden script that completely disables the advertised ad-blocking feature. Instead, the script clones the webpage’s underlying HTML structure, stripping images and styles while preserving all conversational text.

Stolen data is packaged into a file named “page_dump.html” and transmitted via a hardcoded webhook to a private Discord channel. There, an automated bot announces “New Ad Report Received,” while secretly delivering victims’ private chats to the attackers.

The automated bot in the Discord channel announces
The automated bot in the Discord channel announces “New Ad Report Received” (Source: DomainTools)

The malicious extension is linked to a developer using the GitHub handle krittinkalra. Investigators identified highly suspicious activity on this account, which had been dormant for years before suddenly pivoting from Android development to JavaScript malware.

This developer is also publicly associated with AI4ChatCo and Writecream—services handling user data and integrating with AI models. Security experts stress urgent concerns about potential widespread privacy violations across the developer’s software ecosystem.

Staying Safe

To safeguard your privacy and secure your AI interactions, adhere to these best practices:

  • Exercise extreme caution with browser extensions claiming to block ads on high-profile platforms.
  • Treat affiliated services like AI4ChatCo and Writecream as high-risk until verified secure through audits.
  • Avoid third-party AI add-ons requiring broad permissions, as they can be exploited to access private data.

Related Articles

Back to top button
kd VtchBef G WSkV Gvll P