The dangerous extensions were designed to look like helpful productivity tools that integrate artificial intelligence into the browser, offering features such as AI chat, writing assistance, or summarization.
Instead of performing useful tasks, the add‑ons collected sensitive data from interactions with popular AI platforms like ChatGPT and DeepSeek, including full conversation histories, prompts, responses, and even visited web page URLs.
These malicious extensions reached users through the Chrome Web Store, where they mimicked the branding and descriptions of legitimate AI tools to avoid suspicion.
Because browsers like Google Chrome and Microsoft Edge are built on similar Chromium architecture, the extensions were easily downloadable across both browsers, exposing individuals and organizations alike.
Once installed, the extensions operated quietly in the background, monitoring user activity. They logged browsing data and segments of AI chat content and then periodically uploaded that information to remote servers controlled by attackers. Researchers found that data was transmitted to suspicious domains making it appear like normal internet traffic and harder to detect.
Microsoft’s telemetry also showed that this malicious campaign extended beyond individuals to the corporate world, impacting more than 20,000 enterprise tenants whose employees regularly interact with AI tools using sensitive inputs.
The risk is significant: companies often paste proprietary code, internal workflows, strategic discussions, and other confidential material into AI chatbots, and these extensions can expose that material to attackers without users realizing it.
Unlike typical malware that tries to hide aggressively, these extensions behaved like ordinary add‑ons. Once installed, they automatically reloaded with every browser session and continued collecting data over extended periods without clear signs of malicious behavior.
To mitigate the threat, Microsoft urged organizations to take several defensive steps; audit and remove unverified browser extensions, enforce restrictions on extension installations through enterprise policies, monitor network traffic for connections to known malicious domains, and educate employees about the risks of installing untrusted AI tools.
Leave a Reply