Malicious VPN Extension Hijacks ChatGPT and Google Gemini Chats from Millions

Millions of users engaging with advanced AI tools like ChatGPT and Google Gemini have recently faced a severe privacy breach due to malicious browser extensions. These extensions, often disguised as helpful privacy or productivity tools, have been found to secretly harvest entire chat conversations, including sensitive prompts and responses. The sophisticated nature of these attacks means that even users seeking enhanced online security have inadvertently exposed their private interactions to data exfiltration.

The scale of this threat is significant, with reports indicating that extensions like Urban VPN Proxy, despite boasting millions of users and high ratings, were at the core of this data harvesting operation. This incident serves as a stark reminder of the vulnerabilities inherent in the browser extension ecosystem and the critical need for users to exercise extreme caution when installing any third-party add-ons.

The Mechanics of the Hijack

These malicious extensions operate by injecting specialized scripts into the web pages of AI platforms. These scripts override native browser functions, allowing the extension to intercept all network traffic related to the AI chat. This invasive process captures every element of the conversation, from the user’s initial prompt to the AI’s generated response, along with timestamps and session metadata. The collected data is then compressed and sent to servers controlled by the attackers.

The method is highly invasive because it occurs continuously in the background, irrespective of whether the VPN functionality is active or what user-facing settings might suggest. This covert operation was embedded within updates, meaning users were often unaware that the extension’s behavior had fundamentally changed. The functionality for harvesting AI conversations was reportedly introduced in specific versions of these extensions, affecting all users who updated after a certain date.

The technical execution involves overriding crucial browser network APIs, such as `fetch()` and `XMLHttpRequest`. This allows the injected scripts to intercept and capture AI prompts, AI responses, conversation IDs, and other vital metadata before they are fully processed by the browser. This detailed capture ensures that the attackers receive a comprehensive record of user interactions with the AI services.

The Scope of the Threat: More Than Just AI Chats

While the primary concern highlighted is the theft of AI conversations, the underlying capabilities of these malicious extensions extend far beyond this. Browser extensions, by their nature, run with elevated privileges within the browser, granting them access to a wide range of user data and activities. This can include the ability to read and modify web pages, track user activity across tabs, and access session data.

When an extension is weaponized, it can be used for various malicious purposes, such as credential theft, session hijacking, fraud, and even corporate espionage. Sensitive information like login credentials, banking details, and browsing history can be exfiltrated, leading to identity theft and financial fraud. Some extensions may also engage in ad fraud by injecting ads or redirecting users to phishing sites.

Furthermore, these extensions can function as spyware or keyloggers, silently recording keystrokes to capture passwords, messages, and other sensitive information. The potential for these extensions to compromise user privacy is immense, as they can monitor browsing history and capture personal data without the user’s explicit knowledge or consent.

Urban VPN Proxy and Its Complicity

Urban VPN Proxy emerged as a central figure in this data breach, affecting millions of users. This extension, which had a significant user base and a highly-rated profile on the Chrome Web Store, was found to be at the heart of the scandal. Its popularity and “Featured” badge created a false sense of security, making its malicious actions all the more insidious.

The investigation revealed that the same malicious code was present in several other extensions from the same publisher, including 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. This indicates a coordinated effort by the developer to distribute the malicious functionality across multiple applications, maximizing their reach.

Urban VPN is operated by Urban Cyber Security Inc., which is reportedly affiliated with the data broker BiScience. The collected data was allegedly being sold for marketing analytics purposes. This connection to a data broker suggests a systematic approach to monetizing the stolen user data, extending the impact of the breach beyond immediate privacy violations.

The “Buy-and-Infect” Model and Supply Chain Attacks

A common tactic employed by cybercriminals in these scenarios is the “buy-and-infect” model. This involves purchasing established browser extensions from independent developers. Once acquired, the attackers push a malicious update, exploiting the trust users have already placed in the tool.

This method is particularly effective because it leverages existing user bases and bypasses initial security checks. Extensions that have been operational for months or even years can suddenly turn malicious, catching users and platform operators off guard. This supply-chain compromise is a significant threat, as it turns trusted software into a vector for attacks.

The trust users place in extensions, especially those with high ratings and “Featured” badges, is a critical element that attackers exploit. These trust indicators, meant to signify quality and security, can unfortunately serve as a smokescreen for malicious intent, making detection and user awareness even more challenging.

Impact on Millions of Users

The repercussions of this breach are far-reaching, affecting an estimated eight million users across Google Chrome and Microsoft Edge. The continuous, background data harvesting means that all conversations since the malicious code was introduced are potentially compromised. This poses a significant risk to personal privacy, intellectual property, and confidential business discussions.

For individuals, the exposure of private conversations could lead to sensitive personal information being exploited for marketing or other nefarious purposes. For organizations, employees using these extensions might inadvertently leak proprietary code, confidential research, or sensitive business discussions, creating substantial enterprise risks.

The incident underscores that high user counts and positive reviews are not infallible indicators of an extension’s safety. Users must remain vigilant and actively audit their installed extensions, as even seemingly reputable tools can become vectors for data theft.

Identifying and Mitigating the Risk

Protecting oneself from such threats requires a proactive and multi-layered approach. The most immediate action is to uninstall any suspicious or known malicious extensions, such as Urban VPN Proxy and its related variants. Users should also consider changing credentials if any sensitive data, like passwords or API keys, was entered into AI chats while the compromised extension was active.

Regularly auditing installed browser extensions is crucial. Users should remove any extensions they do not actively use or recognize. Special attention should be paid to extensions that request broad permissions, particularly those that claim to enhance privacy or security, as these are often prime targets for abuse.

Staying informed about emerging threats and cybersecurity best practices is also vital. Following trusted security blogs and news feeds can provide timely alerts about malicious extensions and campaigns, enabling users to take preemptive measures.

The Role of Browser Stores and Developer Practices

The presence of malicious extensions on official browser stores like the Chrome Web Store highlights a systemic challenge in content moderation. While these platforms have review processes, they are not foolproof, and attackers continuously find ways to bypass them. The “Featured” badge, intended to signify quality, can unfortunately lend a false sense of legitimacy to malicious software.

The “buy-and-infect” model exacerbates this issue, as attackers can leverage existing, trusted extensions rather than building new malicious ones from scratch, which might face more scrutiny. This emphasizes the need for continuous monitoring and rapid response mechanisms from browser vendors.

Developer practices also play a critical role. Secure coding, transparent permission requests, and diligent maintenance of extensions are essential. When developers’ accounts are compromised through phishing, it can lead to widespread compromise of their user base, as seen in some supply-chain attacks.

Understanding Extension Permissions

A fundamental aspect of browser extension security lies in understanding and managing permissions. Extensions often request broad access, such as the ability to “read and change all your data on the websites you visit.” While this can be legitimate for certain tools, it grants malicious actors a dangerous foothold if abused.

Users should critically evaluate whether an extension’s requested permissions align with its stated functionality. If a grammar checker, for instance, asks for access to all browsing data, it should raise a red flag. Limiting permissions to the minimum necessary for an extension to function is a key principle of secure usage.

Organizations can enforce this principle through allow lists and block lists, controlling which extensions employees can install. This helps prevent shadow IT operations and ensures that only vetted applications with appropriate permissions are integrated into the corporate environment.

The Evolving Threat Landscape of AI and Extensions

The increasing reliance on AI tools for everyday tasks, coupled with the pervasive nature of browser extensions, creates a fertile ground for exploitation. Attackers are actively targeting this intersection, recognizing that users often disclose highly private or secret information to AI assistants.

The “man-in-the-prompt” attack, demonstrated by security researchers, shows how malicious extensions can inject prompts into AI tools and exfiltrate sensitive data, even without special permissions. This highlights a new frontier in cyber threats, where AI interactions themselves become targets.

As AI becomes more integrated into our digital lives, the security of the tools we use to access them, including browser extensions, becomes paramount. Vigilance and a deep understanding of potential risks are essential to navigating this evolving threat landscape safely.

Strategies for Enhanced User Protection

To bolster defenses against malicious browser extensions, users should adopt a “least privilege” mindset. This means granting extensions only the permissions they absolutely need to perform their intended functions. Regularly reviewing and revoking unnecessary permissions can significantly reduce the attack surface.

Be particularly cautious with extensions that offer free VPN services or promise enhanced AI capabilities, as these categories have been frequently exploited. Prioritizing extensions from reputable publishers and cross-referencing user reviews for any signs of suspicious activity are good practices.

Furthermore, keeping browsers and extensions updated is crucial, as updates often include security patches that address newly discovered vulnerabilities. Users should also consider using security software that offers real-time scanning and protection against malicious websites and extensions.

The Importance of Auditing and Monitoring

Proactive auditing and monitoring of browser extensions are indispensable for both individual users and organizations. This involves regularly reviewing the list of installed extensions, scrutinizing their permissions, and assessing their necessity. Removing any extensions that are no longer actively used or that raise suspicion can prevent potential compromises.

For businesses, implementing policies for extension management, such as requiring approval for new installations or maintaining an approved list of extensions, is vital. This helps maintain visibility and control over the software ecosystem within the organization, mitigating the risk of shadow IT and malicious add-ons.

Monitoring for unusual browser behavior, such as excessive pop-ups, unexpected redirects, or slow performance, can also serve as an early warning sign of a compromised extension. Prompt investigation of such anomalies can help mitigate damage before it becomes widespread.

Reporting Suspicious Extensions

An important step in collective cybersecurity is reporting suspicious extensions to the relevant authorities. If you encounter an extension that exhibits unusual behavior or appears to be malicious, reporting it to the official browser extension marketplace (e.g., Chrome Web Store, Microsoft Edge Add-ons) is crucial.

These reports help platform providers identify and remove malicious software, protecting other users from similar threats. Additionally, reporting to your organization’s IT security team, if applicable, ensures that internal policies and protective measures can be updated accordingly.

This proactive measure contributes to the overall health of the browser extension ecosystem, making it safer for everyone. By working together, users and platform providers can help identify and neutralize threats more effectively.