0

No products in the cart.

0

No products in the cart.

Home News Fake ChatGPT Ad Blocker Chrome Extension Caught Stealing User Conversations
News

Fake ChatGPT Ad Blocker Chrome Extension Caught Stealing User Conversations

April 9, 20261 Mins read9 Views

A malicious Chrome extension called “ChatGPT Ad Blocker” has been caught harvesting private ChatGPT conversations while claiming to offer an ad-free experience. The extension was available on the Google Chrome Web Store until February 10, 2026, and targeted users of OpenAI’s free-tier service, which recently began displaying ads.

How the Scam Worked

The extension tricked users by appearing as a simple ad blocker, but in reality, it executed a process called cloning the DOM. This created a copy of the webpage, stripped of images and styles, and focused solely on the text, capturing users’ private prompts and ChatGPT’s responses.

  • Any text longer than 150 characters was sent to a private Discord channel using a bot named Captain Hook.
  • The extension checked a GitHub file hourly for instructions, allowing attackers to modify its behavior remotely without users noticing.

Developer and Background

The account behind the extension goes by the handle krittinkalra, a developer linked to popular AI platforms Writecream and AI4ChatCo, which have over 1.5 million users. DomainTools noted that the account had been inactive for five years before resurfacing with this malicious extension, raising concerns about a possible compromise or sudden shift in intent.

Additional Threats

Researchers connected the scam to suspicious websites, including:

  • blockaiads.com
  • openadblock.com
  • gptadblock.com

The stolen data included not only the chat contents but also technical metadata and the state of users’ interfaces. While blocking ads may seem appealing, the cost of exposing sensitive conversations and business information is far higher.

Key Takeaways

  • The ChatGPT Ad Blocker extension stole private conversations and metadata.
  • It operated secretly by cloning the page DOM and sending data to Discord.
  • Users should avoid unofficial extensions and verify developer credibility.
  • Suspicious activity may extend to other applications by the same developer.
  • Always check the Web Store for security warnings and reviews before installing tools.

Previous post Cloudflare Launches EmDash CMS: AI-Powered, Secure Alternative to WordPress

1 Comment

  • This fake ChatGPT Ad Blocker is a stark reminder to only install extensions from trusted developers. Harvesting private chats and metadata is a serious privacy breach, and users should always double-check permissions and reviews before installing any browser add-on.

    Reply

Leave a Reply to scsec Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

News

Outdated Systems and Vulnerable Apps Leave Most Enterprises Exposed to Cyberattacks

April 10, 2026
News

APT28 Turns Vulnerable Routers into a Global DNS Hijacking and Espionage Network

April 10, 2026
Crypto

Silent Cryptojacking Campaign Disguised as Non-Profit Software Drains Victims’ PCs

April 10, 2026
News

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure via PLC Attacks

April 9, 2026

Related Articles

News

Outdated Systems and Vulnerable Apps Leave Most Enterprises Exposed to Cyberattacks

A recent security analysis highlights a widespread problem in enterprise environments: many...

ByApril 10, 2026
News

APT28 Turns Vulnerable Routers into a Global DNS Hijacking and Espionage Network

A Russia-linked cyber espionage group, widely tracked as APT28, has been connected...

ByApril 10, 2026
News

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure via PLC Attacks

Iran-Linked Hackers Target U.S. Critical Infrastructure via Internet-Exposed PLCs Iran-affiliated cyber actors...

ByApril 9, 2026
News

Cybercrime, FBI IC3, Investment Fraud, Ransomware, Cryptocurrency Scams

FBI Reports Cybercrime Losses Nearly $21 Billion in 2025 The FBI’s Internet...

ByApril 9, 2026