Users affected by malicious extensions on artificial intelligence platforms

Posted date 07/04/2026

In early March, cybersecurity researchers identified suspicious activity in multiple extensions available on the Chrome Web Store. The growing use of platforms such as ChatGPT and DeepSeek made this type of threat more relevant, as millions of users were sharing sensitive information through these services. Widespread adoption of the technology, combined with a lack of initial oversight of some extensions, facilitated the spread of the attack.

During this period, it was discovered that several fraudulent extensions—apparently designed to enhance the user experience with artificial intelligence tools—contained malicious code capable of collecting data without the users’ consent. These extensions accumulated nearly 900,000 downloads, affecting both individual users and corporate environments, where the risk was greater due to potential access to confidential information. According to reports from Microsoft Defender and other cybersecurity firms, the malware extracted entire conversations, credentials, and browsing habits, sending them to external servers controlled by the attackers. After the issue was detected, the extensions were removed from the official store, and security alerts were issued along with recommendations to uninstall any suspicious software and review granted permissions.

The incident is currently considered to be under control, although it has highlighted a growing trend in attacks targeting AI-based services. Major platforms and security firms have strengthened their detection and control mechanisms, while experts stress the need to raise user awareness of the risks associated with third-party extensions.