{"id":2000104468,"date":"2026-03-07T12:34:00","date_gmt":"2026-03-07T10:34:00","guid":{"rendered":"https:\/\/new.igihe.com\/?p=2000104468"},"modified":"2026-03-07T09:52:32","modified_gmt":"2026-03-07T07:52:32","slug":"microsoft-warns-nearly-900000-users-of-fake-ai-chrome-extensions-stealing-data","status":"publish","type":"post","link":"https:\/\/new.igihe.com\/english\/microsoft-warns-nearly-900000-users-of-fake-ai-chrome-extensions-stealing-data\/","title":{"rendered":"Microsoft warns nearly 900,000 users of fake AI Chrome extensions stealing data"},"content":{"rendered":"\n<p>The dangerous extensions were designed to look like helpful productivity tools that integrate artificial intelligence into the browser, offering features such as AI chat, writing assistance, or summarization. <\/p>\n\n\n\n<p>Instead of performing useful tasks, the add\u2011ons collected sensitive data from interactions with popular AI platforms like ChatGPT and DeepSeek, including full conversation histories, prompts, responses, and even visited web page URLs. <\/p>\n\n\n\n<p>These malicious extensions reached users through the Chrome Web Store, where they mimicked the branding and descriptions of legitimate AI tools to avoid suspicion. <\/p>\n\n\n\n<p>Because browsers like Google Chrome and Microsoft Edge are built on similar Chromium architecture, the extensions were easily downloadable across both browsers, exposing individuals and organizations alike.<\/p>\n\n\n\n<p>Once installed, the extensions operated quietly in the background, monitoring user activity. They logged browsing data and segments of AI chat content and then periodically uploaded that information to remote servers controlled by attackers. 
Researchers found that data was transmitted to suspicious domains, making it appear like normal internet traffic and harder to detect.<\/p>\n\n\n\n<p>Microsoft\u2019s telemetry also showed that this malicious campaign extended beyond individuals to the corporate world, impacting more than 20,000 enterprise tenants whose employees regularly interact with AI tools using sensitive inputs. <\/p>\n\n\n\n<p>The risk is significant: companies often paste proprietary code, internal workflows, strategic discussions, and other confidential material into AI chatbots, and these extensions can expose that material to attackers without users realizing it.<\/p>\n\n\n\n<p>Unlike typical malware that tries to hide aggressively, these extensions behaved like ordinary add\u2011ons. Once installed, they automatically reloaded with every browser session and continued collecting data over extended periods without clear signs of malicious behavior.<\/p>\n\n\n\n<p>To mitigate the threat, Microsoft urged organizations to take several defensive steps: audit and remove unverified browser extensions, enforce restrictions on extension installations through enterprise policies, monitor network traffic for connections to known malicious domains, and educate employees about the risks of installing untrusted AI tools.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"297\" height=\"170\" src=\"https:\/\/new.igihe.com\/english\/wp-content\/uploads\/2026\/03\/images-1.jpg\" alt=\"\" class=\"wp-image-2000104472\" style=\"aspect-ratio:1.7472881044309616;width:645px;height:auto\"\/><figcaption class=\"wp-element-caption\">Microsoft warns that 900,000 Chrome AI extensions are monitoring ChatGPT conversations.<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has issued a major cybersecurity warning after discovering that nearly 900,000 people installed malicious Chrome browser extensions disguised as 
legitimate AI assistant tools, which quietly harvested users\u2019 chat conversations and browsing information. The alert came from the Microsoft Defender Security Research Team, highlighting a growing threat tied to the rapid adoption of AI tools across workplaces and personal devices.<\/p>\n","protected":false},"author":139,"featured_media":2000104469,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[75],"byline":[201],"hashtag":[],"class_list":["post-2000104468","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-science-technology","tag-homenews","byline-rania-umutoni"],"bylines":[{"id":201,"name":"Rania Umutoni","slug":"rania-umutoni","description":"","image":{"id":0,"url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&f=y&r=g","alt":"Default avatar","title":"Default avatar","caption":"","mime_type":"image\/jpeg","sizes":[]},"user_id":139}],"contributors":[{"id":201,"name":"Rania Umutoni","slug":"rania-umutoni","description":"","image":{"id":0,"url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&f=y&r=g","alt":"Default avatar","title":"Default 
avatar","caption":"","mime_type":"image\/jpeg","sizes":[]},"user_id":139}],"featured_image":{"id":2000104469,"url":"https:\/\/new.igihe.com\/english\/wp-content\/uploads\/2026\/03\/1766501332806.jpg","alt":"","caption":"","mime_type":"image\/jpeg","width":800,"height":417,"sizes":{"thumbnail":{"url":"https:\/\/new.igihe.com\/english\/wp-content\/uploads\/2026\/03\/1766501332806.jpg","width":150,"height":78},"medium":{"url":"https:\/\/new.igihe.com\/english\/wp-content\/uploads\/2026\/03\/1766501332806.jpg","width":300,"height":156},"medium_large":{"url":"https:\/\/new.igihe.com\/english\/wp-content\/uploads\/2026\/03\/1766501332806.jpg","width":768,"height":400},"large":{"url":"https:\/\/new.igihe.com\/english\/wp-content\/uploads\/2026\/03\/1766501332806.jpg","width":800,"height":417},"full":{"url":"https:\/\/new.igihe.com\/english\/wp-content\/uploads\/2026\/03\/1766501332806.jpg","width":800,"height":417}}},"_links":{"self":[{"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/posts\/2000104468","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/users\/139"}],"replies":[{"embeddable":true,"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/comments?post=2000104468"}],"version-history":[{"count":2,"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/posts\/2000104468\/revisions"}],"predecessor-version":[{"id":2000104572,"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/posts\/2000104468\/revisions\/2000104572"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/media\/2000104469"}],"wp:attachment":[{"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/media?parent=2000104468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ne
w.igihe.com\/english\/wp-json\/wp\/v2\/categories?post=2000104468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/tags?post=2000104468"},{"taxonomy":"byline","embeddable":true,"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/byline?post=2000104468"},{"taxonomy":"hashtag","embeddable":true,"href":"https:\/\/new.igihe.com\/english\/wp-json\/wp\/v2\/hashtag?post=2000104468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}