01.07.2026 19:52

Fake extensions covertly record your conversations with artificial intelligence

The malicious Vigilante code will convince you to access the most famous pirate sites.

Researchers at security firm MalExt Sentry have uncovered a malicious campaign targeting users of modern AI services. Two extensions exploited the trust of people who simply wanted a cleaner web browsing experience without annoying ads. The programs did block ad content using publicly available filters, but they carried out extensive spying in the background. To hide this, they offered users an innocuous-looking option to opt in to “enhanced protection,” which made no mention of collecting chat data.

The first and significantly more widespread extension is called “Smart Adblocker” (extension ID iojpcjjdfhlcbgjnpngcmaojmlokmeii), which was installed by about 80,000 people. The second extension is called “Adblock for Browser” (extension ID jcbjcocinigpbgfpnhlpagidbmlngnnn), which had about 10,000 users. Both used the same backend infrastructure and a hidden data drive, which experts internally named “Panel 231”.

The embedded mechanism targeted eight established AI platforms: ChatGPT, Gemini, Claude, Copilot, Perplexity, DeepSeek, Grok and Meta AI. The tool tapped directly into the data traffic of these websites and transcribed entire conversations. The system was able to store up to 10,000 characters for user questions and up to 30,000 characters for AI answers. In addition to the content itself, the extensions recorded which AI model was used and whether the user had a paid subscription. All this data was then transferred to the malicious servers.

What's particularly insidious is that the Firefox versions explicitly claimed not to collect any data, while doing the exact opposite. Because people often enter very personal things into AI chats, from health and financial issues to work logins, passwords, and internal company data, such abuse poses a huge risk.

If you have either of these extensions installed, remove them immediately. Instead, opt for established, open-source solutions for blocking ads.
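To check a machine for the two extension IDs named above, the following added example (not code from MalExt Sentry or from the original article) walks Chromium-style browser profiles and reports any install of either ID. It assumes both IDs are Chromium-style extension IDs, and the profile locations in `default_roots` are assumed defaults; the Firefox versions are not covered because the article gives no identifiers for them.

```python
import json
import os
from pathlib import Path

# Extension IDs named in the article.
FLAGGED_IDS = {
    "iojpcjjdfhlcbgjnpngcmaojmlokmeii": "Smart Adblocker",
    "jcbjcocinigpbgfpnhlpagidbmlngnnn": "Adblock for Browser",
}

def default_roots():
    """Common Chromium-family 'User Data' locations (assumed defaults; adjust per fleet)."""
    home = Path.home()
    local = Path(os.environ.get("LOCALAPPDATA", home / "AppData" / "Local"))
    return [
        home / ".config" / "google-chrome",
        home / ".config" / "chromium",
        home / "Library" / "Application Support" / "Google" / "Chrome",
        local / "Google" / "Chrome" / "User Data",
        local / "Microsoft" / "Edge" / "User Data",
    ]

def find_flagged(roots):
    """Return one finding per installed version of a flagged extension."""
    findings = []
    for root in map(Path, roots):
        if not root.is_dir():
            continue
        # Layout: <root>/<profile>/Extensions/<extension id>/<version>/manifest.json
        for ext_dir in root.glob("*/Extensions/*"):
            label = FLAGGED_IDS.get(ext_dir.name)
            if label is None:
                continue
            for manifest in sorted(ext_dir.glob("*/manifest.json")):
                try:
                    meta = json.loads(manifest.read_text(encoding="utf-8-sig"))
                except (OSError, ValueError):
                    meta = {}  # unreadable manifest: fall back to the directory name
                findings.append({"profile": ext_dir.parent.parent.name, "id": ext_dir.name,
                                 "listed_as": label, "path": str(ext_dir),
                                 "version": meta.get("version", manifest.parent.name)})
    return findings

if __name__ == "__main__":
    hits = find_flagged(default_roots())
    for hit in hits:
        print("FOUND {listed_as} ({id}) v{version} in profile {profile}: {path}".format(**hit))
    print(f"{len(hits)} flagged extension install(s) found")
```

A hit means the extension files are on disk for that profile; removal should still be done through the browser's extension manager so synced profiles do not reinstall it.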

