
Experts Raise Concerns About Prompt Poaching Browser Extensions


Security Experts Warn Against Malicious Chrome Extensions Targeting AI Conversations

In a recent warning, cybersecurity professionals have urged users to exercise caution regarding malicious Chrome extensions designed to surreptitiously monitor and exfiltrate conversations involving artificial intelligence (AI). This advisory comes in light of alarming new findings published by Expel, a security services provider, which revealed a troubling rise in incidents of “prompt poaching” by seemingly legitimate browser extensions.

On March 24, Expel reported that it had tracked “several dozen” instances of prompt poaching over the course of the previous month. The term refers to the practice of stealing user interactions with AI tools, often without the user’s informed consent. The functionality of these malicious extensions is notably straightforward, as they are designed to monitor open browser tabs. When an AI client is detected, the extension collects questions posed by users and the corresponding answers, employing methods such as API interception or DOM scraping. Once the data is harvested, it is sent to external servers controlled by the developers of the browser extensions.

Scammers' evolving tactics have raised significant concerns. Two distinct strategies have emerged for deceiving users. The first involves impersonating existing, legitimate extensions. Recent reports highlighted examples such as “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” and “Talk to ChatGPT” from a developer named AITOPIA. Two of these deceptive extensions had amassed nearly 900,000 users, who were unwittingly exposed to potential threats.

The second strategy involves launching a legitimate extension and adding malicious functionality later, once the user base has grown. Expel flagged the “Urban VPN Proxy” tool as an example of this tactic. The approach is more insidious because users who already trust the extension become exposed to phishing attacks and data theft without knowing it.

Expel has actively promoted measures aimed at minimizing the risks associated with prompt poaching. Among their recommendations, they strongly advise organizations to prohibit the downloading of AI-related browser extensions entirely. Furthermore, they advocate for strict management of all employee browser extensions to ensure compliance with security protocols.

The security firm emphasized the plethora of risks that these plugins pose, including identity theft, targeted phishing campaigns, and even the possibility of sensitive data being sold on underground marketplaces. For organizations, the stakes are particularly high; employees may inadvertently expose intellectual property, customer data, and other confidential information, posing a significant threat to company integrity and client trust.

To combat the dangers associated with these malicious extensions, Expel outlined several key recommendations businesses should implement:

  1. Suggest Approved Alternatives: Organizations should offer a selection of safe, approved extensions to reduce the risk of users inadvertently installing harmful software.

  2. Review Extension Permissions: Users should scrutinize permissions requested by browser extensions before installation, particularly paying attention to any requests that extend beyond the advertised functionalities.

  3. Use Group Policy for Management: It is advisable to manage extension usage through group policy or browser management consoles, limiting the available options to those extensions that have been thoroughly reviewed and deemed safe.

  4. Conduct Periodic Audits: Regularly auditing browser extensions within the organization can help administrators understand usage patterns and identify any unexpected tools or applications that connect to unknown domains.
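
One way to carry out the permission review and periodic audit recommended above, as an added example that is not from Expel or the original article: the Python script below reads an extension's manifest.json and reports whether its host permissions or content scripts cover AI chat sites. The host watch list, the sample manifest and the function names are assumptions made for illustration.

```python
import json

# Assumed watch list of AI chat hosts; adjust to the tools your organization uses.
AI_HOSTS = ("chatgpt.com", "claude.ai", "gemini.google.com", "chat.deepseek.com")
# API permissions that allow tab monitoring, request observation or script injection.
SENSITIVE_APIS = {"webRequest", "scripting", "debugger", "tabs"}


def pattern_covers(pattern, host):
    """True if the host part of a Chrome match pattern covers `host`."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # an API permission name, not a host pattern
    pat_host = pattern.split("://", 1)[1].split("/", 1)[0]
    if pat_host.startswith("*."):  # "*.x" covers x and every subdomain of x
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return pat_host in ("*", host)


def audit_manifest(manifest, ai_hosts=AI_HOSTS):
    """Return findings describing how an extension can reach AI chat pages."""
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # MV3 lists hosts under host_permissions; MV2 mixes them into permissions.
    grants = perms + manifest.get("host_permissions", []) \
        + manifest.get("optional_host_permissions", [])
    scripts = [m for cs in manifest.get("content_scripts", [])
               for m in cs.get("matches", [])]
    findings = []
    for host in ai_hosts:
        if any(pattern_covers(p, host) for p in grants):
            findings.append(f"host access: {host}")
        if any(pattern_covers(p, host) for p in scripts):
            findings.append(f"content script (DOM access): {host}")
    findings += [f"api: {p}" for p in sorted(SENSITIVE_APIS & set(perms))]
    return findings


# Constructed sample manifest for a hypothetical extension (not a real product).
SAMPLE = json.loads("""{
  "manifest_version": 3, "name": "Example AI Helper",
  "permissions": ["storage", "webRequest"],
  "host_permissions": ["*://*.example.net/*"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]
}""")

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE):
        print(line)
```

Findings are a prompt for review, not a verdict: compare each one with what the extension advertises, since the article's second strategy means an extension that passed review once can gain these permissions in a later update.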

As cybersecurity threats continue to evolve, the importance of vigilance in maintaining browser security cannot be overstated. The findings presented by Expel serve as a stark reminder of the potential vulnerabilities users face, especially as artificial intelligence becomes increasingly integrated into everyday applications. By implementing rigorous management practices and promoting awareness of the risks associated with browser extensions, organizations can better protect themselves and their users from the lurking dangers of digital theft and fraud.
