Malicious ‘ChatGPT Ad Blocker’ Chrome Extension Steals Private AI Conversations—Check Your Browser Now + Video

Listen to this Post

Featured Image

Introduction:

A newly uncovered malicious Chrome extension named “ChatGPT Ad Blocker” disguises itself as a helpful tool to remove advertisements from OpenAI’s free tier, but instead systematically harvests user prompts, chat histories, and metadata[reference:0]. The extension uses a remote‑controlled background alarm to fetch updated configuration files every 60 minutes, injects a hidden script into the ChatGPT page, and exfiltrates stolen conversations via a Discord webhook[reference:1]. This attack highlights how seemingly benign browser extensions can turn into sophisticated data‑stealing malware, emphasising the urgent need for proactive detection and mitigation measures.

Learning Objectives:

  • Understand the technical execution of the “ChatGPT Ad Blocker” malware, including remote configuration, script injection, and Discord‑based exfiltration.
  • Learn how to detect and remove malicious Chrome extensions on Windows and Linux systems using manual checks, command‑line tools, and security scanners.
  • Implement preventative controls such as least‑privilege extension permissions, Manifest V3 hardening, and continuous monitoring of browser behaviour.

You Should Know:

  1. Anatomy of the Attack – Remote Control and Data Exfiltration

The “ChatGPT Ad Blocker” extension begins its malicious routine the moment it is installed. It sets up a persistent background alarm that fires every 60 minutes to fetch a configuration file from a GitHub repository[reference:2]. This design allows the attacker to remotely change the extension’s behaviour – for example, altering the exfiltration endpoint or the data being collected – without requiring any user interaction or an update from the Chrome Web Store.

When the victim navigates to chat.openai.com, the extension injects a hidden content script. The advertised ad‑blocking feature is entirely disabled in the code; instead, the script creates a deep copy of the page’s DOM, strips away images and styles, and carefully preserves the text of prompts and ongoing conversations[reference:3]. The stolen data is then packaged into an HTML file named `page_dump.html` and transmitted to a private Discord channel using a hardcoded webhook. The Discord bot announces “New Ad Report Received,” while quietly delivering the victim’s private conversations to the attacker[reference:4].

Step‑by‑Step Guide: Simulate and Detect Similar Exfiltration

  1. Check for suspicious background alarms in an extension:
    On Linux/macOS, navigate to the extension’s directory and search for `alarms` API usage:

    grep -r "chrome.alarms" ~/.config/google-chrome/Default/Extensions//
    

On Windows (PowerShell as admin):

Get-ChildItem -Path "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions" -Recurse -Filter ".js" | Select-String "chrome.alarms"

2. Identify remote configuration fetches:

Look for `fetch()` calls pointing to raw GitHub URLs or other remote endpoints:

grep -r "fetch('https://raw.githubusercontent.com" ~/.config/google-chrome/Default/Extensions//

3. Detect Discord webhook exfiltration:

Search for hardcoded Discord webhook URLs (pattern: `https://discord.com/api/webhooks/`):

grep -r "discord.com/api/webhooks" ~/.config/google-chrome/Default/Extensions//

4. Monitor network traffic for unusual outbound connections:

Use `tcpdump` or Wireshark to watch for POST requests to non‑standard endpoints while ChatGPT is open:

sudo tcpdump -i any -s 0 -A 'tcp dst port 443' | grep -i "discord"
  1. Detecting Malicious Extensions – Manual and Automated Methods

Many users remain unaware of installed extensions because the Chrome Web Store’s review process does not guarantee safety. Researchers have found that even extensions with the “Featured” badge can secretly capture AI chats and sell the data[reference:5]. Therefore, proactive detection is essential.

Step‑by‑Step Guide: Audit Your Extensions

  1. List all installed extensions with their IDs and permissions:
    In Chrome, navigate to `chrome://extensions/` and enable “Developer mode”. Note each extension ID.

2. Inspect the extension’s files locally (Linux/macOS):

ls -la ~/.config/google-chrome/Default/Extensions/

For each suspicious ID, examine the JavaScript files:

grep -r "chrome.storage|fetch|XMLHttpRequest" ~/.config/google-chrome/Default/Extensions/<EXTENSION_ID>/

3. Use a dedicated extension scanner:

The open‑source Brave Extension Scanner (https://github.com/geeknik/brave-extension-scanner) analyses installed extensions for malicious patterns, dangerous permissions, and obfuscated code[reference:6]. Clone and run it:

git clone https://github.com/geeknik/brave-extension-scanner.git
cd brave-extension-scanner
npm install
npm start

4. Leverage MITRE ATT&CK‑based detection (AN0123):

Monitor for abnormal browser child process activity and outbound connections to untrusted domains after a new extension is installed[reference:7]. On Windows, use Sysmon event ID 3 (network connection) and correlate with extension installation events.

5. Automate scanning with `extHuntr`:

The ExtHuntr tool (presented at REcon Village) scans for installed extensions, analyses permissions and behaviour, and generates a risk score[reference:8].

  1. Hardening Browser Security – Least Privilege and Manifest V3

Google introduced Manifest V3 to improve extension security by eliminating remote code execution. However, it does not block access to dangerous APIs or network request hijacking, meaning data exfiltration attacks remain possible[reference:9]. Consequently, organisations must adopt additional hardening measures.

Step‑by‑Step Guide: Implement Extension Controls

1. Enforce extension allow‑listing via Group Policy (Windows):

Use the Chrome ADMX templates to configure “Configure extension installation allow list” and “Configure extension installation block list”. Example policy to block all extensions except approved ones:

Computer Configuration > Administrative Templates > Google Chrome > Extensions
- Allow installation of specific extensions: Enable
- Block installation of specific extensions: Enable (add `` to block all)

2. Restrict extension permissions using `chrome.management` API:

Administrators can write a small policy extension that revokes unnecessary permissions from installed extensions. Example manifest snippet:

"permissions": ["management"],
"background": {"service_worker": "background.js"}

In `background.js`:

chrome.management.getAll(extensions => {
extensions.forEach(ext => {
if (ext.permissions.includes("webRequest") && !ext.id.match(/^approved-id$/)) {
chrome.management.setEnabled(ext.id, false);
}
});
});

3. Disable remote configuration fetches:

Use a corporate firewall or DNS sinkhole to block known malicious patterns. For example, block all raw GitHubusercontent domains unless explicitly needed:

echo "0.0.0.0 raw.githubusercontent.com" >> /etc/hosts  Linux/macOS

On Windows, add an entry to `C:\Windows\System32\drivers\etc\hosts`.

4. Enable Chrome’s Enhanced Safe Browsing:

Navigate to `chrome://settings/security` and select “Enhanced protection”. This enables real‑time URL checks and deeper extension scanning.

  1. Use endpoint detection and response (EDR) rules to flag Discord webhooks:
    Create a Sigma rule to detect `discord.com/api/webhooks` in process command lines or script contents.

  2. Incident Response – What to Do If You Are Infected

If you suspect an extension is stealing data, immediate containment is critical. The “ChatGPT Ad Blocker” is linked to a GitHub account (krittinkalra) that had been dormant for five years and recently reactivated to write JavaScript malware[reference:10]. The same developer is also associated with two other AI platforms: AI4ChatCo and Writecream, raising concerns of broader supply‑chain compromises[reference:11].

Step‑by‑Step Guide: Contain and Recover

1. Identify and remove the malicious extension:

  • Go to chrome://extensions/.
  • Find any extension named “ChatGPT Ad Blocker” or similar ad‑blocking tools for AI sites.
  • Click “Remove”.

2. Revoke any exposed ChatGPT session tokens:

  • Log out of all devices from your OpenAI account settings.
  • Change your password and revoke any API keys.
  • Check for unauthorised conversations or activity.

3. Scan for persistence mechanisms:

On Windows, use Autoruns to check for scheduled tasks or registry run keys created by the extension. On Linux, examine `~/.config/autostart` and crontab:

crontab -l
ls ~/.config/autostart/

4. Analyse the extension’s leftover data:

The exfiltration file `page_dump.html` may still be present in the extension’s local storage. Search for it:

find ~/.config/google-chrome/ -name "page_dump.html" 2>/dev/null

5. Report the extension to Google:

Use the Chrome Web Store report abuse form. Provide the extension ID (if known) and a description of the malicious behaviour.

  1. Preventative Controls for Organisations – Policy and Training

Organisations that rely on AI tools like ChatGPT face increased risk from malicious extensions because employees may inadvertently grant broad permissions. A single compromised extension can leak sensitive conversations, source code, or business strategies.

Step‑by‑Step Guide: Build a Resilient Extension Policy

1. Implement a “zero trust” extension model:

  • Block all extensions by default using the Chrome policy `ExtensionInstallBlocklist` with value “.
  • Create an allow list of approved extensions (e.g., password managers, corporate VPN).
  • Require a business case for any new extension.

2. Audit existing extensions for high‑risk permissions:

Permissions to watch for: webRequest, webRequestBlocking, storage, cookies, tabs, <all_urls>. Use the Chrome Enterprise report available at chrome://policy/.

3. Educate users on social engineering tactics:

Attackers capitalise on OpenAI’s recent introduction of ads to free‑tier users[reference:12]. Warn employees that any “ad blocker for ChatGPT” is likely malicious. Provide a list of approved ad‑blockers (e.g., uBlock Origin) and instruct them to install only from the Chrome Web Store’s verified publisher section.

4. Enforce regular extension reviews:

Schedule a monthly review of all installed extensions using a script that queries the Chrome Management API. Example PowerShell snippet for Windows:

$extensions = Get-ChildItem "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions" -Directory
$extensions | ForEach-Object { Get-Content "$($_.FullName)\manifest.json" | ConvertFrom-Json | Select-Object name, version, permissions }

5. Deploy a browser extension security solution:

Commercial tools like LayerX or Push Security provide continuous monitoring of extension behaviour, including data exfiltration attempts and permission changes.

What Undercode Say:

  • Browser extensions are a favoured vector for data theft because they bypass traditional network controls and operate inside the trusted browser context. The “ChatGPT Ad Blocker” case demonstrates how remote configuration and Discord webhooks can turn a simple extension into a persistent spy tool.
  • Organisations must move beyond relying on Chrome Web Store reviews and instead implement strict allow‑listing, continuous monitoring, and user training. Manifest V3 does not prevent data exfiltration; only behavioural detection and least‑privilege policies can mitigate this risk.
  • The reuse of a dormant GitHub account highlights the danger of supply‑chain attacks in the extension ecosystem. Developers and organisations should regularly audit their own extensions and those they depend on, watching for sudden changes in code or ownership.

Prediction:

As AI platforms become integral to business operations, we will see a sharp increase in browser extensions that masquerade as productivity tools for ChatGPT, Gemini, and Copilot while stealing conversations. Attackers will leverage AI itself to generate convincing extension descriptions and fake reviews, making social engineering even more effective. In response, browser vendors will likely introduce mandatory periodic permission reviews and real‑time behavioural analysis, but until then, the onus remains on users and organisations to stay vigilant. Expect regulatory bodies to begin issuing guidelines for extension security in enterprise environments, possibly mandating third‑party audits for any extension that accesses AI chat platforms.

▶️ Related Video (82% Match):

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Google Chatgpt – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky