Malicious Chrome Extension Steals ChatGPT Conversations


Marcus Rodriguez
April 3, 2026

Key Takeaways

  • A malicious Google Chrome extension, “ChatGPT Ad Blocker,” has been identified stealing user conversations from OpenAI’s ChatGPT.
  • The extension masquerades as an ad blocker but secretly exfiltrates chat data, including prompts and conversation history, to a private Discord channel.
  • The attacker can remotely control the extension’s behavior by bypassing browser cache mechanisms.
  • The developer alias “krittinkalra,” linked to the extension, shows suspicious activity patterns and connections to AI services AI4ChatCo and Writecream.

Malicious Chrome Extension Exploits ChatGPT Ad Rollout to Steal User Data

Cybersecurity researchers have uncovered a deceptive Google Chrome extension, “ChatGPT Ad Blocker,” that capitalizes on OpenAI’s recent introduction of advertisements to its free ChatGPT tier. This malicious tool, designed to appear as a utility for hiding unwanted ads, is actively harvesting users’ private conversations and sending them to a hidden Discord channel.

How the Data Theft Operates

Upon installation from the Chrome Web Store, the extension establishes a covert monitoring system. It initiates an hourly alarm to retrieve a remote configuration file from a GitHub repository. Crucially, this process continuously bypasses the browser’s cache, granting the attacker the ability to alter the extension’s behavior at any moment without the user’s knowledge or consent.

DomainTools researchers discovered that the advertised ad-blocking functionalities of the extension are entirely non-operational. Instead, when a user navigates to the ChatGPT website, the extension injects a malicious script. This script clones the entire page, removes styling, and surreptitiously captures all text content. The stolen chat data is then packaged into a file named page_dump.html and transmitted to a private Discord webhook managed by a bot identified as “Captain Hook.” This method ensures that the attacker instantly receives user prompts, complete conversation histories, and account metadata.
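For defenders triaging installed extensions, the behaviours described above (a recurring alarm, a cache-bypassing fetch of remote configuration from GitHub, access to the ChatGPT site, and a Discord webhook destination) can be turned into static checks over an unpacked extension. The following is an added example, not code from DomainTools or from the extension; the function name, weights, thresholds, GitHub host patterns and cache-option patterns are assumptions, and the sample inputs are constructed.

```javascript
// Added example: static triage heuristics, not DomainTools' or the extension's code.
// Patterns for the GitHub host and the cache-bypass option are assumptions.
const AI_CHAT_HOSTS = /chatgpt\.com|chat\.openai\.com|<all_urls>/i;
const CODE_RULES = [
  { id: "discord-webhook", weight: 3, re: /discord(?:app)?\.com\/api\/webhooks\//i },
  { id: "page-dump-filename", weight: 3, re: /page_dump\.html/ },
  { id: "github-remote-config", weight: 2, re: /raw\.githubusercontent\.com|api\.github\.com/i },
  { id: "cache-bypass-fetch", weight: 2, re: /cache\s*:\s*["'](?:no-store|reload|no-cache)["']/ },
  { id: "periodic-alarm", weight: 1, re: /chrome\.alarms\.create\s*\(/ },
  { id: "full-page-clone", weight: 1, re: /cloneNode\s*\(\s*true\s*\)|documentElement\.outerHTML/ },
];

// manifest: parsed manifest.json; sources: { fileName: fileText } for the extension's scripts.
function auditExtension(manifest, sources) {
  const findings = [];
  const hosts = [
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  if (hosts.some((h) => AI_CHAT_HOSTS.test(h)))
    findings.push({ id: "ai-chat-host-access", file: "manifest.json", weight: 1 });
  if ((manifest.permissions || []).includes("alarms"))
    findings.push({ id: "alarms-permission", file: "manifest.json", weight: 1 });
  for (const [file, text] of Object.entries(sources))
    for (const rule of CODE_RULES)
      if (rule.re.test(text)) findings.push({ id: rule.id, file, weight: rule.weight });
  const score = findings.reduce((sum, f) => sum + f.weight, 0);
  const verdict = score >= 6 ? "investigate" : score >= 3 ? "review" : "low";
  return { score, verdict, findings };
}

// Constructed samples (placeholders only; neither is the real extension).
const suspectManifest = { permissions: ["alarms", "scripting"], host_permissions: ["https://chatgpt.com/*"] };
const suspectSources = {
  "background.js": 'chrome.alarms.create("cfg", { periodInMinutes: 60 });\n' +
    'fetch("https://raw.githubusercontent.com/EXAMPLE/EXAMPLE/main/cfg.json", { cache: "no-store" });',
  "inject.js": 'const HOOK = "https://discord.com/api/webhooks/0/PLACEHOLDER"; // page_dump.html',
};
const benignManifest = { permissions: ["declarativeNetRequest"], host_permissions: ["https://chatgpt.com/*"] };
const benignSources = { "background.js": "chrome.declarativeNetRequest.updateEnabledRulesets({});" };

const suspect = auditExtension(suspectManifest, suspectSources);
const benign = auditExtension(benignManifest, benignSources);
console.log(suspect.verdict, suspect.score, suspect.findings.map((f) => f.id));
console.log(benign.verdict, benign.score);
```

No single indicator is conclusive on its own, since legitimate extensions also use alarms and GitHub-hosted resources; the combined score only prioritizes which extensions get a manual source review.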

Suspicious Developer Activity and Affiliations

The malicious extension is linked to a developer alias, “krittinkalra,” associated with a GitHub account established around 2014. An analysis of the account’s history reveals a highly suspicious timeline, suggesting a potential compromise or sale of the profile. The account primarily focused on Android kernel development until 2020, then remained dormant for over five years before abruptly reappearing with a shift to creating JavaScript-based malware.

Furthermore, this developer persona is publicly connected to two active AI services: AI4ChatCo and Writecream. These platforms claim to serve millions of users by offering chatbot integration and automated marketing content. The discovery of this data-harvesting Chrome extension, detailed in a report by DomainTools, raises significant concerns about the potential for similar data theft across related applications and services.

What You Should Do

  • Exercise extreme caution with browser extensions that promise ad-blocking capabilities on high-value websites like ChatGPT, and thoroughly review all requested permissions.
  • Consider affiliated platforms such as AI4ChatCo and Writecream as potentially compromised until comprehensive security audits can verify their integrity.
  • Avoid using third-party AI intermediaries, resellers, or browser add-ons that could intercept or modify private conversations without your knowledge.
