Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Chrome Extension Poses Security Threat by Stealing User Data

Chrome Extension Poses Security Threat by Stealing User Data

Posted on April 3, 2026 By CWS

As OpenAI begins to incorporate advertisements into its free service tier, cybercriminals have started exploiting this development by misleading users with counterfeit utility tools. A notable example is the recently identified malicious Google Chrome extension, aptly named ‘ChatGPT Ad Blocker’.

Extension’s True Motive Revealed

Despite presenting itself as a tool to eliminate unwanted ads, the extension’s real function is to intercept and steal private user conversions, forwarding them to a concealed Discord channel. Upon installation from the Chrome Web Store, the extension silently establishes a monitoring system that fetches a remote configuration file from a GitHub repository every hour.

This setup enables the attacker to adjust the extension’s operations remotely at any time, without user awareness, by bypassing the browser’s cache. In a surprising twist, researchers from Domain Tools discovered that the extension’s ad-blocking capabilities are entirely non-functional.

How User Data is Compromised

When users access the ChatGPT platform, the extension deploys a malicious script that duplicates the page, removes its styling, and covertly captures all textual inputs. The captured data is then compiled into a file named page_dump.html and dispatched to a private Discord webhook operated by a bot known as ‘Captain Hook’.

Consequently, attackers immediately gain access to user prompts, conversation histories, and account metadata. This security breach is linked to a developer alias ‘krittinkalra’, whose GitHub account shows suspicious activity, suggesting possible compromise or sale.

Associated Risks and Preventive Measures

This developer’s profile, after inactivity since 2020, recently resurfaced with a newfound focus on JavaScript-based malware. Public records also associate this persona with two AI platforms, AI4ChatCo and Writecream, which boast millions of users and offer chatbot integration and automated marketing content.

The discovery of this data-stealing extension by DomainTools raises alarm over potential similar threats in related applications. To safeguard privacy and secure AI interactions, users are advised to adopt stringent security measures.

Exercise extreme caution with extensions that promise ad-blocking on high-value sites, and scrutinize permissions requested by such tools. Treat associated platforms like AI4ChatCo and Writecream with suspicion until comprehensive security evaluations confirm their safety. Additionally, avoid using external AI intermediaries, resellers, or browser add-ons that could potentially access or modify private conversations.

For ongoing updates on cybersecurity, follow us on Google News, LinkedIn, and X. Contact us to share your stories and insights.

Cyber Security News Tags:ad blocker, AI services, browser security, ChatGPT, Chrome extension, Cybersecurity, data theft, Discord, GitHub, JavaScript malware, Malware, online privacy, Security

Post navigation

Previous Post: Expanding Mobile Threats Challenge Enterprise Security
Next Post: Axios Maintainer Faces Sophisticated Supply Chain Attack

Related Posts

ToxicPanda Android Banking Malware Infected 4500+ Devices to Steal Banking Credentials ToxicPanda Android Banking Malware Infected 4500+ Devices to Steal Banking Credentials Cyber Security News
Kali Linux 2025.3 Released With New Features and 10 New Hacking Tools Kali Linux 2025.3 Released With New Features and 10 New Hacking Tools Cyber Security News
Malicious Chrome Extension Steals Wallet Login Credentials and Enables Automated Trading Malicious Chrome Extension Steals Wallet Login Credentials and Enables Automated Trading Cyber Security News
Threat Actors Attacking Organizations Key Employees With Weaponized Copyright Documents to Deliver Noodlophile Stealer Threat Actors Attacking Organizations Key Employees With Weaponized Copyright Documents to Deliver Noodlophile Stealer Cyber Security News
Mirai Botnets Escalate Global Cyber Threats Mirai Botnets Escalate Global Cyber Threats Cyber Security News
Online PDF Editors Safe to Use? Detailed Analysis of Security Risks Associated With It Online PDF Editors Safe to Use? Detailed Analysis of Security Risks Associated With It Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • North Korea-Linked npm Packages Pose Threat to Developers
  • Urgent Update Advised for Apache ActiveMQ Vulnerabilities
  • Major Cybersecurity Incidents: Canadian Hacker, ATM Fraud
  • Top Post-Quantum Cryptographic Solutions for 2026
  • Armored Likho’s BusySnake Threatens Government and Energy Sectors

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • North Korea-Linked npm Packages Pose Threat to Developers
  • Urgent Update Advised for Apache ActiveMQ Vulnerabilities
  • Major Cybersecurity Incidents: Canadian Hacker, ATM Fraud
  • Top Post-Quantum Cryptographic Solutions for 2026
  • Armored Likho’s BusySnake Threatens Government and Energy Sectors

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark