Ad Blocker Extensions Secretly Capture AI Chats
Two browser extensions, initially believed to be mere ad blockers, have been exposed for clandestinely capturing conversations from major AI platforms including ChatGPT, Claude, and Gemini. Known as “Smart Adblocker” and “Adblock for Browser,” these extensions were downloaded by approximately 90,000 users before their true nature was unveiled.
While users received genuine ad-blocking functionality, their interactions with AI were being covertly recorded. The operation, internally dubbed “Panel 231” and identified as PromptSnatcher, went beyond simple data logging: it captured entire conversation histories and determined the AI model and subscription tier used by individuals.
Discovery and Analysis
The threat was first identified by analysts at MalExt Sentry, who documented their findings in a report for Cyber Security News. The investigation began when an automated scanner detected a recurrent Google Tag Manager ID across several extensions, revealing a larger, interconnected data collection scheme.
Both extensions shared identical code and infrastructure, using an internal communication protocol named LDP_MESSAGE. Despite operating under different names and domains, they were essentially the same tool crafted by a single entity. This approach, known as split deployment, is a tactic to broaden reach while minimizing the risk of complete shutdown.
Technical Details of the Intrusion
PromptSnatcher’s effectiveness was partly due to its use of legitimate ad-blocking filter lists like EasyList, which allowed it to pass casual inspections. The extensions contained a concealed telemetry engine, separate from the ad-blocking components, which required thorough code analysis to detect.
The attack leveraged a script called shared-page-capture.js to intercept network traffic, capturing up to 10,000 characters of user prompts and 30,000 characters of AI responses. This data, including device IDs and timestamps, was transmitted to servers controlled by the operators. The breach affected eight AI platforms, with the ability to add more targets via a remote configuration server.
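As an added example (not code from the MalExt Sentry report or from the extensions themselves), the following audit sketch applies the correlation described above to unpacked extension directories: it reports Google Tag Manager IDs that occur in more than one extension and flags the file name shared-page-capture.js and the string LDP_MESSAGE. The GTM ID pattern, the function names and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import Path

GTM_ID = re.compile(r"\bGTM-[A-Z0-9]{4,10}\b")  # assumed shape of a GTM container ID
INDICATOR_FILE = "shared-page-capture.js"       # script name given in the article
INDICATOR_STRING = "LDP_MESSAGE"                # protocol name given in the article
TEXT_SUFFIXES = {".js", ".json", ".html"}

def load_extensions(root):
    """Read unpacked extensions under root into {ext_name: {rel_path: text}}."""
    out = {}
    for ext_dir in (p for p in Path(root).iterdir() if p.is_dir()):
        out[ext_dir.name] = {
            f.relative_to(ext_dir).as_posix(): f.read_text(errors="replace")
            for f in ext_dir.rglob("*")
            if f.is_file() and f.suffix in TEXT_SUFFIXES}
    return out

def shared_gtm_ids(extensions):
    """Return {gtm_id: [extension names]} for IDs present in two or more extensions."""
    seen = defaultdict(set)
    for name, files in extensions.items():
        for text in files.values():
            for gtm in GTM_ID.findall(text):
                seen[gtm].add(name)
    return {g: sorted(n) for g, n in seen.items() if len(n) > 1}

def article_indicators(extensions):
    """Return {ext_name: [hits]} for the file name and string named in the article."""
    report = {}
    for name, files in extensions.items():
        hits = {"file:" + INDICATOR_FILE for p in files
                if p.rsplit("/", 1)[-1] == INDICATOR_FILE}
        hits |= {"string:" + INDICATOR_STRING for t in files.values()
                 if INDICATOR_STRING in t}
        if hits:
            report[name] = sorted(hits)
    return report

# Constructed sample (not real extension code): two look-alikes and one unrelated.
SAMPLE = {
    "ext-a": {"background.js": "tag('GTM-EXAMPLE1'); post({type: 'LDP_MESSAGE'})",
              "content/shared-page-capture.js": "/* placeholder */"},
    "ext-b": {"shared-page-capture.js": "tag('GTM-EXAMPLE1'); send('LDP_MESSAGE')"},
    "ext-c": {"bg.js": "tag('GTM-OTHER999')"},
}

if __name__ == "__main__":
    print(shared_gtm_ids(SAMPLE), article_indicators(SAMPLE))
```

To audit a real browser profile, pass the directory that holds the unpacked extensions to `load_extensions` and feed the result to both checks.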
Implications and Recommendations
Particularly concerning was the discovery that Firefox versions of these extensions incorrectly stated that they collected no data, misleading users and the Mozilla review process. Users who installed these extensions, thinking they were enhancing protection, unknowingly exposed their AI interactions.
It is strongly advised that users immediately uninstall these extensions and rotate their AI account credentials as a precaution. Reviewing recent AI conversation histories for unusual access is also recommended to ensure privacy and security.
