
According to Microsoft telemetry and external reports, these malicious extensions reached approximately 900,000 installations. They were observed across more than 20,000 enterprise tenants, potentially exposing sensitive organizational information.
The extensions targeted users who frequently interact with AI platforms such as ChatGPT and DeepSeek.
By embedding themselves inside commonly used browsers like Google Chrome and Microsoft Edge, the malicious add-ons were able to monitor user activity and capture both visited URLs and AI conversation content.
Researchers say the collected information could include proprietary source code, internal workflows, business discussions, and confidential prompts entered into AI chat tools.
Because many knowledge workers use AI assistants in their daily tasks, compromised extensions effectively turned browsers into continuous data-collection points.
Malicious Extension Campaign and Data Collection
The attack began with the distribution of AI-themed browser extensions through the Chrome Web Store.
The threat actors copied branding and behavior from real extensions, such as AI sidebar tools, so that their add-ons closely resembled legitimate productivity tools used to interact with AI models.
The malicious add-ons blended easily into the growing ecosystem of AI browser utilities.
Once installed, the extensions requested broad permissions that allowed them to observe user browsing activity.
The extensions ran background scripts that logged visited URLs and captured portions of AI conversations occurring within web pages. The collected information was stored locally before being periodically transmitted to attacker-controlled infrastructure.
Investigators found that the extensions sent data through HTTPS POST requests to domains including deepaichats[.]com and chatsaigpt[.]com.
The exfiltrated data included full URLs, browsing context, chat snippets, model names, and persistent user identifiers. Local buffers were cleared after transmission, reducing forensic traces on affected systems.
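Because local buffers are cleared after transmission, network logs are the more durable place to look. The following is an added example, not code from the original report: a small hunt over web-proxy logs for contact with the two reported domains, summarized per client. The log format, client names, subdomain, and URL paths are constructed for illustration, and it assumes the proxy records the method and full URL.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Domains named in the article, kept defanged until match time.
IOC_DOMAINS = ["deepaichats[.]com", "chatsaigpt[.]com"]

# Constructed sample lines (assumed format, not real telemetry):
# timestamp client method url status request_bytes
SAMPLE_LOG = """\
2025-01-10T09:00:02Z wks-014 POST https://api.deepaichats.com/v1/sync 200 18432
2025-01-10T09:00:05Z wks-022 GET https://chatgpt.com/c/abc 200 512
2025-01-10T09:30:03Z wks-014 POST https://api.deepaichats.com/v1/sync 200 20110
2025-01-10T09:31:40Z wks-031 POST https://chatsaigpt.com/collect 200 9050
2025-01-10T09:32:00Z wks-040 POST https://notchatsaigpt.com/form 200 300
2025-01-10T09:33:00Z wks-041 GET https://deepaichats.com/ 200 120
malformed line
"""

def refang(domain):
    """Turn a defanged indicator (example[.]com) into a matchable hostname."""
    return domain.replace("[.]", ".").lower()

def is_ioc_host(host, iocs):
    """Match the domain itself or any subdomain, but not lookalike suffixes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)

def hunt(log_text, ioc_domains=IOC_DOMAINS):
    """Return {client: summary} for every client that contacted an IoC host."""
    iocs = [refang(d) for d in ioc_domains]
    hits = defaultdict(lambda: {"contacts": 0, "posts": 0,
                                "post_bytes": 0, "hosts": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue  # skip lines that do not fit the assumed format
        _ts, client, method, url, _status, size = fields
        host = urlsplit(url).hostname or ""
        if not is_ioc_host(host, iocs):
            continue
        entry = hits[client]
        entry["contacts"] += 1
        entry["hosts"].add(host)
        if method.upper() == "POST":  # the article reports exfiltration via POST
            entry["posts"] += 1
            entry["post_bytes"] += int(size)
    return dict(hits)
```

Clients with repeated POSTs are the ones to prioritize for an extension inventory check; a client with contacts but no POSTs may only have visited the domain.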
Enterprise Risk and Mitigation
The campaign highlights a growing security challenge for organizations that rely on browser-based AI tools.
Because browser extensions operate within normal browsing environments and often require extensive permissions, malicious versions can quietly collect large volumes of sensitive data.
Defenders are encouraged to implement extension inventory controls, enable browser security protections such as Microsoft Defender SmartScreen, and educate users about the risks of installing unverified AI productivity tools.
As enterprise adoption of AI assistants grows, security experts warn that malicious extensions may increasingly target the browser as a gateway to valuable organizational data.
The post Fake AI Browser Extensions Expose Chat Data Across 20,000 Enterprises appeared first on Cyber Security News.
