As OpenAI begins to incorporate advertisements into its free service tier, cybercriminals have started exploiting this development by misleading users with counterfeit utility tools. A notable example is the recently identified malicious Google Chrome extension, aptly named ‘ChatGPT Ad Blocker’.
Extension’s True Motive Revealed
Despite presenting itself as a tool to eliminate unwanted ads, the extension’s real function is to intercept and steal private user conversations, forwarding them to a concealed Discord channel. Upon installation from the Chrome Web Store, the extension silently establishes a monitoring system that fetches a remote configuration file from a GitHub repository every hour.
This setup enables the attacker to adjust the extension’s operations remotely at any time, without user awareness, by bypassing the browser’s cache. In a surprising twist, researchers from DomainTools discovered that the extension’s ad-blocking capabilities are entirely non-functional.
How User Data is Compromised
When users access the ChatGPT platform, the extension deploys a malicious script that duplicates the page, removes its styling, and covertly captures all textual inputs. The captured data is then compiled into a file named page_dump.html and dispatched to a private Discord webhook operated by a bot known as ‘Captain Hook’.
Consequently, attackers immediately gain access to user prompts, conversation histories, and account metadata. This security breach is linked to a developer alias ‘krittinkalra’, whose GitHub account shows suspicious activity, suggesting possible compromise or sale.
Associated Risks and Preventive Measures
The developer’s profile, inactive since 2020, recently resurfaced with a new focus on JavaScript-based malware. Public records also associate this persona with two AI platforms, AI4ChatCo and Writecream, which boast millions of users and offer chatbot integration and automated marketing content.
The discovery of this data-stealing extension by DomainTools raises alarm over potential similar threats in related applications. To safeguard privacy and secure AI interactions, users are advised to adopt stringent security measures.
Exercise extreme caution with extensions that promise ad-blocking on high-value sites, and scrutinize permissions requested by such tools. Treat associated platforms like AI4ChatCo and Writecream with suspicion until comprehensive security evaluations confirm their safety. Additionally, avoid using external AI intermediaries, resellers, or browser add-ons that could potentially access or modify private conversations.
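The behaviours described above (a content script scoped to the ChatGPT origin, an hourly remote-config poll from GitHub with cache bypass, and a Discord webhook as the exfiltration endpoint) can be triaged statically from an unpacked extension directory before it is ever loaded. The following Python script is an added example written for this article, not code from the extension, from DomainTools, or from OpenAI. The hostnames it matches (discord.com/api/webhooks, raw.githubusercontent.com, chatgpt.com, chat.openai.com) are assumptions based on the public endpoints those services use; the sample extension it builds is constructed, inert text that is written to a temporary directory and never executed.

```python
"""Static triage of an unpacked Chrome extension for the exfiltration pattern
reported above. Added example; all sample files are constructed, not taken
from the real 'ChatGPT Ad Blocker' extension."""
import json
import re
import tempfile
from pathlib import Path

# Public ChatGPT hostnames (assumed, not stated on the page).
CHATGPT_ORIGINS = ("chatgpt.com", "chat.openai.com")

# Indicators named in the report; the URL hosts are the public Discord webhook
# and GitHub raw-content endpoints (assumed, not quoted from the extension).
INDICATORS = {
    "discord_webhook": re.compile(r"discord(?:app)?\.com/api/webhooks/", re.I),
    "github_remote_config": re.compile(r"raw\.githubusercontent\.com/", re.I),
    "cache_bypass": re.compile(r"""cache\s*:\s*['"](?:no-store|reload)['"]""", re.I),
    "periodic_alarm": re.compile(r"chrome\.alarms\.create\s*\(|setInterval\s*\("),
    "page_dump_file": re.compile(r"page_dump\.html"),
}


def manifest_findings(manifest: dict) -> list:
    """Flag a manifest whose scripts run on the ChatGPT origin or that asks for
    permissions enabling scheduled remote control or broad page access."""
    findings = []
    targets = []
    for cs in manifest.get("content_scripts", []):
        targets.extend(cs.get("matches", []))
    targets.extend(manifest.get("host_permissions", []))
    if any(o in t for t in targets for o in CHATGPT_ORIGINS):
        findings.append("runs on ChatGPT origin")
    if any("<all_urls>" in t for t in targets):
        findings.append("requests <all_urls>")
    for p in ("alarms", "scripting", "webRequest"):
        if p in manifest.get("permissions", []):
            findings.append(f"permission:{p}")
    return findings


def scan_extension(ext_dir: Path) -> dict:
    """Return per-file indicator hits plus a verdict for an unpacked extension."""
    report = {"manifest": [], "scripts": {}, "verdict": "clean"}
    manifest_path = ext_dir / "manifest.json"
    if manifest_path.exists():
        report["manifest"] = manifest_findings(json.loads(manifest_path.read_text()))
    for js in ext_dir.rglob("*.js"):
        hits = [name for name, rx in INDICATORS.items() if rx.search(js.read_text())]
        if hits:
            report["scripts"][js.name] = hits
    all_hits = {h for hits in report["scripts"].values() for h in hits}
    # Remote config plus a chat-platform webhook endpoint is the reported pattern.
    if "discord_webhook" in all_hits and "github_remote_config" in all_hits:
        report["verdict"] = "likely data exfiltration"
    elif all_hits:
        report["verdict"] = "suspicious"
    return report


def build_sample_extension(root: Path) -> Path:
    """Write a constructed, inert sample showing the reported indicators.
    The strings are illustrative placeholders, not the real extension's code."""
    ext = root / "sample_ext"
    ext.mkdir()
    (ext / "manifest.json").write_text(json.dumps({
        "manifest_version": 3,
        "name": "Sample Ad Blocker (constructed)",
        "permissions": ["alarms", "storage"],
        "host_permissions": ["https://chatgpt.com/*"],
        "content_scripts": [{"matches": ["https://chatgpt.com/*"], "js": ["content.js"]}],
        "background": {"service_worker": "bg.js"},
    }))
    (ext / "bg.js").write_text(
        "// constructed sample: hourly remote-config poll with cache bypass\n"
        "chrome.alarms.create('cfg', { periodInMinutes: 60 });\n"
        "const CFG = 'https://raw.githubusercontent.com/EXAMPLE-OWNER/EXAMPLE-REPO/main/cfg.json';\n"
        "fetch(CFG, { cache: 'no-store' });\n"
        "const HOOK = 'https://discord.com/api/webhooks/EXAMPLE_ID/EXAMPLE_TOKEN';\n"
    )
    (ext / "content.js").write_text("const DUMP_NAME = 'page_dump.html';\n")
    return ext


def demo_scan() -> dict:
    """Build the constructed sample in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_extension(build_sample_extension(Path(tmp)))


if __name__ == "__main__":
    print(json.dumps(demo_scan(), indent=2))
```

Run it against a real unpacked extension with `scan_extension(Path("/path/to/unpacked"))`; a hit on `runs on ChatGPT origin` together with any script indicator is worth a manual read of the flagged file, and the webhook-plus-remote-config combination is the specific pattern this report describes.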
