Microsoft recently disclosed that a substantial number of users installed malicious browser extensions disguised as legitimate AI assistant tools. These extensions, identified by Microsoft Defender, amassed around 900,000 installations and affected over 20,000 business tenants where employees frequently interact with AI tools containing sensitive data.
The deceptive Chromium-based extensions were designed to gather complete URLs and AI chat data from platforms like ChatGPT and DeepSeek. This illicit activity compromised organizations by potentially exposing confidential information like proprietary code, internal procedures, and strategic conversations.
To carry out this scheme, the threat actor created fake AI assistant extensions in the Chrome Web Store that closely mimicked reputable productivity tools such as AITOPIA. Leveraging the compatibility of Microsoft Edge with Chrome Web Store extensions, these fraudulent listings could reach users on multiple browsers.
Once installed, the extensions operated surreptitiously within the browser, extracting AI chat content and browsing data from active sessions and storing it locally before transfer. Communication with attacker-controlled infrastructure was conducted through standard web protocols, making it challenging to distinguish from ordinary browsing traffic. Data was periodically transmitted via HTTPS POST requests to domains like deepaichats[.]com and chatsaigpt[.]com, with local buffers being cleared post-transmission to evade detection.
Microsoft highlighted that the extensions utilized a deceptive consent mechanism to continue data collection, with subsequent updates automatically re-enabling telemetry without users’ clear consent. These extensions indiscriminately logged visited URLs, chat excerpts, model names, and a persistent identifier, lacking adequate filtering and consent management.
The threat actor exploited the popularity of AI-assistant browser extensions, preying on users who rely on sidebar tools for interacting with models like ChatGPT and DeepSeek. Users often grant extensive page-level permissions to such extensions for convenience, with instances of browsers autonomously downloading extensions due to the convincing branding and descriptions.
In response, Microsoft recommended that organizations monitor network traffic to known endpoints like *.chatsaigpt.com and *.deepaichats.com, audit browser extensions using Microsoft Defender Vulnerability Management, enable the SmartScreen and Network Protection features, and establish AI usage policies. Users were also advised to review their installed extensions and remove any unfamiliar or unverified tools.
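One way to act on the network-monitoring recommendation, as an added example that is not from Microsoft's guidance or the original article: the script below scans proxy log lines for requests to the two domains named above and their subdomains, and totals them per client. The log format, the sample lines (subdomains, paths, client addresses) and the function names are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Domains named in the article (defanged there as deepaichats[.]com, chatsaigpt[.]com).
WATCHED = ("deepaichats.com", "chatsaigpt.com")

# Constructed sample lines; assumed format: "timestamp client_ip METHOD target bytes_sent".
SAMPLE_LOG = """\
2025-01-10T09:00:02Z 10.0.4.17 POST https://api.deepaichats.com/collect 18432
2025-01-10T09:00:05Z 10.0.4.22 GET https://chatgpt.com/c/abc 512
2025-01-10T09:30:03Z 10.0.4.17 POST https://api.deepaichats.com/collect 20110
2025-01-10T09:31:40Z 10.0.4.31 POST https://CHATSAIGPT.COM./v1/sync 9040
2025-01-10T09:45:12Z 10.0.4.22 POST https://notdeepaichats.com/login 300
2025-01-10T09:50:00Z 10.0.4.22 GET https://deepaichats.com.example.org/ 128
2025-01-10T10:00:01Z 10.0.4.40 CONNECT sync.chatsaigpt.com:443 0
malformed line without enough fields
"""

def is_watched(host):
    """True for a watched domain or any subdomain, matched on label boundaries."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def host_of(target):
    """Host from a full URL or from a CONNECT-style 'host:port' target."""
    try:
        return urlsplit(target if "://" in target else "//" + target).hostname
    except ValueError:
        return None

def find_hits(log_text):
    """Return {client_ip: {"requests": n, "bytes": total, "hosts": set}}."""
    hits = defaultdict(lambda: {"requests": 0, "bytes": 0, "hosts": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip lines that do not fit the assumed format
        _ts, client, _method, target, sent = parts
        host = host_of(target)
        if is_watched(host):
            entry = hits[client]
            entry["requests"] += 1
            entry["bytes"] += int(sent)
            entry["hosts"].add(host.lower().rstrip("."))
    return dict(hits)

if __name__ == "__main__":
    for client, info in sorted(find_hits(SAMPLE_LOG).items()):
        print(client, info["requests"], info["bytes"], sorted(info["hosts"]))
```

Matching on the dot boundary keeps lookalike hosts such as notdeepaichats.com out of the results, and CONNECT targets are handled because a proxy without TLS inspection sees only the host and port, not the POST itself.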
