Do Son 
Smart Sidebar Chrome Web Store | Image: G DATA
The Dangerous Scope of Browser Data Exfiltration
Artificial Intelligence has rapidly transformed how we work and communicate every single day. Therefore, millions of professionals now rely on automated browser tools to optimize their daily tasks. However, a shocking new security discovery indicates that threat actors are actively exploiting this widespread adoption. Security researchers recently identified several malicious AI extensions lurking inside official web marketplaces. These fraudulent add-ons quietly harvest highly sensitive user interactions in the background. Consequently, enterprise data faces a severe risk of exposure.
The scale of this ecosystem compromise is truly massive. According to recent telemetry, artificial intelligence utilities have accumulated over 115 million total users. Unfortunately, this popularity makes them a prime target for continuous browser data exfiltration campaigns. Attackers systematically mimic popular productivity features to bypass standard user suspicion. As noted in the comprehensive security analysis from G DATA:
“some of these browser add-ons conceal a darker side, such as stealing Al conversations and personal data under the guise of assisting users in dealing with agentic Al.”
Therefore, everyday consumers are accidentally installing highly dangerous software directly onto their corporate endpoints.
Dissecting the Injection Frameworks
How Urban VPN Intercepts Communications
For example, developers discovered significant issues inside a widely distributed proxy application named Urban VPN. Despite its high ratings, specific versions contained a hidden script designed to monitor active web communication channels. Specifically, this file monitors whether a user visits platforms like ChatGPT, Claude, DeepSeek, or Gemini. Once a match occurs, the extension immediately deploys an injection framework. This module alters default network configurations so the conversation data passes through external code frameworks. Furthermore, the data harvesting process continues running smoothly regardless of whether the virtual network connection remains active or disconnected.
Smart Sidebar and DOM Tampering
Similarly, another popular tool called Smart Sidebar exhibits almost identical structural telemetry patterns. The application targets a massive user base while quietly operating a stealthy data harvester. According to the technical evaluation:
“The extension contains ‘aiResponder.js’ under the ‘gptprocessor’ directory, which collects data from interactions with ChatGPT and DeepSeek.”
Specifically, the script relies on Document Object Model watchers to track active chat containers in real time. Once the text fully renders, the extension packages the conversation strings into structured Base64 data envelopes. It then transmits these stolen records to an external server via automated background requests.
Anatomy of the Stolen Payloads
Additionally, investigators analyzed the exact parameters collected during these background espionage operations. The intercepted payloads reveal a highly organized data structure designed for complete session profiling. Specifically, the malware captures the unique identifier of the target conversation alongside the specific model host name. Moreover, the transmission includes a concatenated link of the generative platform and an integer representation of the timestamp. Most alarmingly, the system exfiltrates the complete conversational array containing every prompt and response. Web developers use Base64 encoding to transport these large binary blocks safely over text-only protocols. Consequently, trade secrets and proprietary algorithms are easily funneled directly into malicious databases.
Stealthy Extraction and Iframe Abuse
Finally, the report highlights critical security concerns surrounding an add-on called Chat AI. This program previously held a verified badge from web store checkers. However, close inspection revealed that it:
“uses a React-based Chrome extension component that embeds a remote chat interface in an iframe.”
The hidden layout communicates local choices to an unverified domain using standard web messaging protocols. Such a case proves that malicious AI extensions can easily hide inside approved browser utilities. Security checkers regularly miss these dynamic iframe calls during automated scans. Ultimately, organizations must implement strict extension allow-lists to stop this ongoing threat.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
