Malicious Browser Add-Ons Exploit AI Platform Users
Severity: High (Score: 68.0)
Sources: Cybersecuritynews, Gbhackers
Keywords: malicious, browser, chatgpt, claude, copilot, gemini, deepseek
Severity indicators: ot
Summary
Malicious browser add-ons are targeting users of popular AI platforms such as ChatGPT, Claude, Copilot, Gemini, and DeepSeek. These extensions masquerade as helpful tools but are actually harvesting personal data and chat histories. Millions of users are affected, as these add-ons intercept interactions with generative AI models. The attack method involves leveraging seemingly benign Chrome extensions that operate in the background to exfiltrate sensitive information. The scope of the impact is significant, given the widespread use of these AI platforms daily. Current analysis indicates a growing trend in such malicious activities, raising alarms among cybersecurity experts. Users are advised to be cautious and review their installed extensions for potential threats.

Key Points:
- Malicious Chrome extensions are harvesting data from AI platform users.
- Affected platforms include ChatGPT, Claude, Copilot, Gemini, and DeepSeek.
- Millions of users are at risk due to the widespread use of these AI tools.
Detailed Analysis
**Impact** Users of major AI platforms including ChatGPT, Claude, Copilot, Gemini, and DeepSeek are affected by malicious browser add-ons. Millions of daily users globally risk exposure of personal conversations, work documents, and sensitive data. The data harvested includes chat histories and aggregated sensitive information, potentially impacting individual privacy and business confidentiality across multiple sectors.

**Technical Details** The attack vector involves malicious Google Chrome extensions disguised as VPNs, sidebars, and AI assistants. These extensions intercept interactions with generative AI models to exfiltrate data. No specific malware names, CVEs, or infrastructure details were provided. The activity corresponds to data collection and exfiltration stages of the kill chain. No IOCs were mentioned in the articles.

**Recommended Response** Defenders should immediately audit and restrict the installation of browser extensions, especially those claiming to assist with AI platforms. Deploy monitoring for unusual outbound traffic from browsers and review permissions granted to installed extensions. User awareness campaigns on the risks of unverified extensions are advised. No patch or specific detection signatures were provided.
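One way to carry out the permission review recommended above, as an added example that does not come from the source articles: it checks an extension's `manifest.json` content for host patterns that give it access to pages on the AI platforms named here. The hostnames in `AI_HOSTS` and the sample manifests are assumptions constructed for illustration; a hit means the extension can read those pages and deserves review, not that it is malicious.

```python
import json

# Assumed hostnames for the platforms the page names; adjust for your environment.
AI_HOSTS = ["chatgpt.com", "claude.ai", "copilot.microsoft.com",
            "gemini.google.com", "chat.deepseek.com"]

def pattern_covers(pattern: str, host: str) -> bool:
    """True if a Chrome match pattern's scheme and host part cover `host`."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # API permission such as "storage", not a host pattern
    scheme, rest = pattern.split("://", 1)
    if scheme not in ("*", "http", "https"):
        return False
    pat_host = rest.split("/", 1)[0].lower()
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # wildcard covers the domain and its subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host

def host_patterns(manifest: dict) -> set:
    """Collect host patterns from the places MV2 and MV3 manifests declare them."""
    pats = set()
    for key in ("permissions", "host_permissions", "optional_host_permissions"):
        pats.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        pats.update(script.get("matches", []))
    return pats

def audit(manifest: dict) -> dict:
    """Map each AI host the extension can reach to the patterns granting access."""
    pats = host_patterns(manifest)
    hits = {h: sorted(p for p in pats if pattern_covers(p, h)) for h in AI_HOSTS}
    return {h: ps for h, ps in hits.items() if ps}

# Constructed sample manifests (not real extensions).
SAMPLES = {
    "vpn-helper": {"manifest_version": 3, "permissions": ["storage"],
                   "host_permissions": ["<all_urls>"]},
    "ai-sidebar": {"manifest_version": 3, "permissions": ["storage"],
                   "content_scripts": [{"js": ["c.js"], "matches": [
                       "https://*.google.com/*", "https://claude.ai/*"]}]},
    "notes": {"manifest_version": 3, "permissions": ["storage"],
              "host_permissions": ["https://example.org/*"]},
}

if __name__ == "__main__":
    for name, manifest in SAMPLES.items():
        print(name, json.dumps(audit(manifest)))
```

To use it on a real endpoint, load each installed extension's `manifest.json` with `json.load` and pass the result to `audit`.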
Source articles (2)
- Malicious Browser Add — Gbhackers · 2026-06-05
  Malicious browser add-ons are actively harvesting conversations and personal data from users of major AI platforms including ChatGPT, Claude, Copilot, Gemini, and DeepSeek. The threat leverages ostens…
- Malicious Browser Add-Ons Target ChatGPT, Claude, Copilot, Gemini, and DeepSeek Users — Cybersecuritynews · 2026-06-05
  Millions of people now use AI platforms like ChatGPT, Claude, Copilot, Gemini, and DeepSeek every single day, sharing personal thoughts, work documents, and sensitive data without a second thought. Th…
Timeline
- 2026-06-05 — Malicious browser add-ons identified: Research revealed that Chrome extensions are secretly harvesting user data from major AI platforms.
- 2026-06-05 — Cybersecurity alert issued: Experts warn that millions of users are unknowingly sharing sensitive information with malicious extensions.
Related entities
- Data Breach (Attack Type)
- Malware (Attack Type)
- T1041 - Exfiltration Over C2 Channel (Mitre Attack)
- T1567 - Exfiltration Over Web Service (Mitre Attack)
- ChatGPT (Platform)
- Copilot (Platform)
- Chrome (Tool)
- Claude (Tool)
- DeepSeek (Tool)
- Gemini (Tool)
- Google Chrome (Tool)
- Chrome Extensions (Tool)