Two malicious Chrome extensions have jeopardized more than 900,000 users by covertly extracting ChatGPT and DeepSeek conversations, along with comprehensive browsing histories, to the attackers’ servers.
Uncovered by OX Security analysts, the malware impersonates the legitimate AITOPIA AI sidebar utility, and one of the counterfeits even earned Google's "Featured" badge.
The OX Research team identified the threat during routine assessments, uncovering extensions that clone AITOPIA's design for chatting with LLMs such as GPT and Claude.

Named "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI" (600K+ users, ID: fnmihdojmnkclgjpcoonokmkhjpjechg, version 1.9.6) and "AI Sidebar with Deepseek, ChatGPT, Claude and more" (300K+ users, ID: inhcgfpbfdjbjogdfjbclgolkmhnooop), these extensions request permission for "anonymous analytics" as cover for the data theft.

The threat actors host their privacy policies on Lovable.dev to obscure their origin, and uninstalling one of the extensions redirects the user to an alternate one.
How the Malware Functions
Once installed, the extensions monitor tabs through the chrome.tabs.onUpdated API and assign each victim a unique "gptChatId". When a tab loads a chatgpt.com or deepseek.com URL, they scrape DOM elements for prompts, replies, and session IDs, store the data locally, Base64-encode it, and send batches to C2 servers such as deepaichats.com or chatsaigpt.com every 30 minutes.

This captures proprietary code, business strategies, PII, search queries, and internal URLs, going well beyond the server-side storage that AITOPIA itself discloses.
Exposed conversations put intellectual property, corporate secrets, and personal information at risk of surveillance or sale on dark-web markets. Browsing histories reveal habits, tokens, and organizational structures, enabling phishing or identity theft within affected organizations.
As of January 7, 2026, both extensions are still available for download; the first lost its "Featured" badge after disclosure, although it was last updated as recently as October 2025.
Users should open chrome://extensions and remove the extensions by ID, or use the store pages: ChatGPT extension, AI Sidebar. Avoid unverified extensions regardless of badges and rely on trusted sources.
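As an added example (not code from the article or from OX Security), the following Python script sweeps a Chrome profile's Extensions directory for the two malicious extension IDs and scans proxy or DNS log lines for the C2 and attacker-hosted domains listed in the IoC tables below. The profile layout and log lines it runs on are constructed, and `run_demo` is hypothetical glue that exists only to make the script runnable stand-alone.

```python
import re
import tempfile
from pathlib import Path

# IDs and domains as listed in the article's IoC tables (domains un-defanged to match logs).
MALICIOUS_IDS = {
    "fnmihdojmnkclgjpcoonokmkhjpjechg": "Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI",
    "inhcgfpbfdjbjogdfjbclgolkmhnooop": "AI Sidebar with Deepseek, ChatGPT, Claude and more",
}
C2_DOMAINS = {"deepaichats.com", "chatsaigpt.com", "chataigpt.pro", "chatgptsidebar.pro"}
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def flag_installed(extensions_root: Path) -> list:
    """Chrome keeps installed extensions as <profile>/Extensions/<id>/<version>/manifest.json;
    return (id, name, version) for every installed version of a known-bad ID."""
    hits = []
    if not extensions_root.is_dir():
        return hits
    for ext_dir in sorted(p for p in extensions_root.iterdir() if p.is_dir()):
        name = MALICIOUS_IDS.get(ext_dir.name)
        if name is None:
            continue
        for ver_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            if (ver_dir / "manifest.json").is_file():
                hits.append((ext_dir.name, name, ver_dir.name))
    return hits

def flag_c2_traffic(log_lines) -> list:
    """Return (host, line) for proxy/DNS log lines naming a C2 or attacker-hosted domain;
    subdomains such as api.deepaichats.com match too."""
    hits = []
    for line in log_lines:
        for host in HOST_RE.findall(line):
            host = host.lower()
            if any(host == d or host.endswith("." + d) for d in C2_DOMAINS):
                hits.append((host, line.strip()))
                break
    return hits

def run_demo() -> tuple:
    """Hypothetical helper: run both checks on a constructed profile layout and constructed log lines."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        bad = root / "fnmihdojmnkclgjpcoonokmkhjpjechg" / "1.9.6_0"  # Chrome names version dirs "<version>_0"
        bad.mkdir(parents=True)
        (bad / "manifest.json").write_text("{}")
        installed = flag_installed(root)  # evaluated before the temp dir is removed
    logs = ["2026-01-07T10:00:00Z POST https://api.deepaichats.com/collect 200",
            "2026-01-07T10:00:05Z GET https://chatgpt.com/ 200"]
    return installed, flag_c2_traffic(logs)
```

Point `flag_installed` at a real profile (for example `~/Library/Application Support/Google/Chrome/Default/Extensions` on macOS) to sweep a workstation; the package hashes from the table below can be checked separately against the downloaded CRX files.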
Indicators of Compromise (IoCs)
| Type | Value | Notes |
|---|---|---|
| Extension name | Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI | Malicious AI sidebar-style extension |
| Extension ID | fnmihdojmnkclgjpcoonokmkhjpjechg | Chrome Web Store ID |
| Version | 1.9.6 | Reported malicious build |
| SHA-256 hash | 98d1f151872c27d0abae3887f7d6cb6e4ce29e99ad827cb077e1232bc4a69c00 | Package hash |
| Extension name | AI Sidebar with Deepseek, ChatGPT, Claude and more | Second malicious extension |
| Extension ID | inhcgfpbfdjbjogdfjbclgolkmhnooop | Chrome Web Store ID |
| Version | 1.6.1 | Reported malicious build |
| SHA-256 hash | 20ba72e91d7685926c8c1c5b4646616fa9d769e32c1bc4e9f15dddaf3429cea7 | Package hash |
Network and C2 Indicators of Compromise
| Category | Domain / Endpoint | Notes |
|---|---|---|
| C2 endpoint | deepaichats[.]com | Receives pilfered chat data and URLs |
| C2 endpoint | chatsaigpt[.]com | Additional C2 for exfiltrated data |
| Lovable-hosted server | chataigpt[.]pro | Used for privacy policy / infrastructure hosting |
| Lovable-hosted server | chatgptsidebar[.]pro | Used for uninstall redirect and infrastructure |