DIGITAL LIFE

Microsoft Alert: fake AI extensions in Chrome and Edge Steal ChatGPT and DeepSeek conversations

On March 5, 2026, Microsoft published a security alert about malicious browser extensions that masquerade as legitimate artificial intelligence tools to steal the chat history of ChatGPT and DeepSeek users.

The AI ​​extensions identified by the Microsoft Defender team reached approximately 900,000 installations and were detected in more than 20,000 enterprise organizations.

Microsoft Defender has been investigating reports of malicious Chromium‑based browser extensions that impersonate legitimate AI assistant tools to harvest LLM chat histories and browsing data. Reporting indicates these extensions have reached approximately 900,000 installs. Microsoft Defender telemetry also confirms activity across more than 20,000 enterprise tenants, where users frequently interact with AI tools using sensitive inputs.

The extensions collected full URLs and AI chat content from platforms such as ChatGPT and DeepSeek, exposing organizations to potential leakage of proprietary code, internal workflows, strategic discussions, and other confidential data.

At scale, this activity turns a seemingly trusted productivity extension into a persistent data collection mechanism embedded in everyday enterprise browser usage, highlighting the growing risk browser extensions pose in corporate environments.

How malicious AI extensions work...The extensions were distributed through the Chrome Web Store with names and descriptions that mimicked legitimate AI assistant tools – including references to ChatGPT, DeepSeek, and Claude. Because Microsoft Edge supports Chrome Web Store extensions, a single listing allowed simultaneous distribution across both browsers without additional infrastructure.

After installation, the extensions collected two types of data in the background:

-Complete URLs visited by the user, including internal company websites

-Content of conversations with AI – prompts sent and responses received on platforms such as ChatGPT and DeepSeek

The data was stored locally in encrypted format and periodically sent to servers controlled by the attackers through the domains deepaichats[.]com and chatsaigpt[.]com, using HTTPS connections to blend in with normal browser traffic.

The detail that makes the attack more dangerous...Microsoft identified a deliberately deceptive consent mechanism: even if the user disabled data collection, subsequent updates to the extension automatically reactivated telemetry without clear notification.

Microsoft also recorded cases where browsers with agentic features installed the extensions automatically, without explicit user approval – a reflection of how convincing the names and descriptions presented were.

Persistence was ensured by the normal behavior of browser extensions: the extension automatically reloaded each time the browser started, without the need for elevated privileges or additional actions.

What may have been exposed...For individual users, the risk includes the exposure of private conversations with AI assistants – which may contain personal, financial, or professional information shared during work sessions.

For companies, the potential impact is more serious: proprietary code, internal workflows, strategic discussions, and confidential data shared with AI tools by employees may have been captured and exfiltrated.

What to do now...Microsoft recommends the following immediate actions(below):

Review the extensions installed in Chrome and Edge and remove any unknown or unused extensions – in Chrome: chrome://extensions / in Edge: edge://extensions

Check if any installed extension uses the IDs fnmihdojmnkclgjpcoonokmkhjpjechg or inhcgfpbfdjbjogdfjbclgolkmhnooop and remove it immediately

Block traffic to the domains chatsaigpt.com, deepaichats.com, chataigpt.pro and chatgptsidebar.pro

Install only verified extensions from known publishers with a proven track record

Enable Microsoft Defender SmartScreen in an enterprise environment

AI extensions: a growing attack vector...This incident underscores an emerging pattern: as users adopt AI tools in their browsers as part of their work routine, AI assistant extensions become an increasingly attractive attack vector. The trust placed in these tools – and the sensitive data routinely shared with them – makes them a high-value target for attackers willing to invest in compelling and well-distributed extensions.

The full Microsoft alert, with technical indicators of compromise and detection queries for security teams, is available on the Microsoft Security Blog.

mundophone