PromptSnatcher: AdBlocker stealing AI Chats - 90k installs
PromptSnatcher is a malicious data collection operation involving two Chrome browser extensions masquerading as ad blockers with approximately 90,000 combined installs. These extensions intercept full conversation histories, model usage, and subscription tier information from eight major AI platforms, including ChatGPT, Claude, Gemini, and others. The exfiltrated data is sent to operator-controlled servers without clear user notification beyond a vague "Enhanced Protection" consent. The extensions dynamically update their parsing logic from remote command-and-control servers, enabling ongoing targeting without extension updates. Firefox variants falsely declare no data collection permissions while performing equivalent data interception. The operation uses distinct infrastructure for each extension and employs sophisticated API hooking to capture and transmit sensitive AI chat data.
AI Analysis (machine-generated threat intelligence)
Technical Summary
PromptSnatcher is a coordinated data exfiltration campaign using two Chrome extensions, Smart Adblocker and Adblock for Browser, with about 80,000 and 10,000 users respectively. Both extensions share a bespoke interception engine that hooks into browser APIs (fetch, XMLHttpRequest, WebSocket) to capture full conversation texts, subscription status, and model usage from eight AI platforms (ChatGPT, Claude, Gemini, Copilot, Perplexity, DeepSeek, Grok, Meta AI). The extensions provide genuine ad-blocking functionality using public filter lists as cover while running undisclosed telemetry. They dynamically fetch platform-specific parsing rules from remote C2 endpoints, allowing flexible targeting. Data is buffered and sent with persistent identifiers and metadata to operator-controlled servers. Firefox variants misleadingly declare no data collection permissions but contain the same capture engine. The campaign uses segmented infrastructure with distinct C2 domains per extension. This operation represents a significant privacy breach for users of affected AI platforms.
Potential Impact
Users of the affected extensions have their entire AI chat conversations, including prompts and responses, exfiltrated to attacker-controlled servers. Subscription tier and model usage data are also collected, potentially exposing sensitive user information and usage patterns. The data interception occurs without explicit informed consent, violating user privacy expectations. The dynamic remote configuration allows the attacker to expand or modify targets without user awareness. The extensions' presence on the Chrome Web Store with tens of thousands of installs increases the scale of impact. The Firefox variants’ false declarations of no data collection further undermine user trust and transparency.
Mitigation Recommendations
No official patch or remediation is indicated in the provided data. Users should immediately uninstall the affected extensions: Smart Adblocker (Chrome ID: iojpcjjdfhlcbgjnpngcmaojmlokmeii) and Adblock for Browser (Chrome ID: jcbjcocinigpbgfpnhlpagidbmlngnnn). Chrome Web Store abuse reports have been filed, so monitor the store for removal or updates. Avoid installing extensions from untrusted sources and verify extension permissions carefully. Since the extensions dynamically update parsing rules from remote servers, removal is the only effective mitigation. Check vendor advisories or Chrome Web Store notices for updates on removal or fixes.
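An added defender-side check, written for this page and not part of the report or the MalExt Sentry tracker: it enumerates extension IDs under the default Chrome profile directories and flags the two Web Store IDs named above. The per-OS profile paths are assumed to be the standard defaults; the Firefox variants are not covered because the report gives no Firefox identifiers.

```python
import os
import sys
from pathlib import Path

# The two Chrome Web Store IDs quoted in the report, mapped to their listing names.
PROMPTSNATCHER_IDS = {
    "iojpcjjdfhlcbgjnpngcmaojmlokmeii": "Smart Adblocker",
    "jcbjcocinigpbgfpnhlpagidbmlngnnn": "Adblock for Browser",
}
_ID_ALPHABET = set("abcdefghijklmnop")  # Chrome extension IDs: 32 chars from a-p


def chrome_user_data_dirs():
    """Default Chrome/Chromium user-data roots (assumption: standard install paths)."""
    home = Path.home()
    if sys.platform.startswith("win"):
        local = Path(os.environ.get("LOCALAPPDATA", home / "AppData" / "Local"))
        return [local / "Google" / "Chrome" / "User Data"]
    if sys.platform == "darwin":
        return [home / "Library" / "Application Support" / "Google" / "Chrome"]
    return [home / ".config" / "google-chrome", home / ".config" / "chromium"]


def installed_extension_ids(user_data_dir):
    """Extension IDs found as <profile>/Extensions/<id>/ below a user-data root."""
    root = Path(user_data_dir)
    if not root.is_dir():
        return set()
    return {p.name for p in root.glob("*/Extensions/*")
            if p.is_dir() and len(p.name) == 32 and set(p.name) <= _ID_ALPHABET}


def flag_promptsnatcher(extension_ids):
    """Return {id: name} for every installed ID matching the report's IOCs."""
    return {e: PROMPTSNATCHER_IDS[e] for e in extension_ids if e in PROMPTSNATCHER_IDS}


def main():
    hits = {}
    for root in chrome_user_data_dirs():
        hits.update(flag_promptsnatcher(installed_extension_ids(root)))
    for eid, name in hits.items():
        print(f"FOUND {name} ({eid}) - remove it from chrome://extensions")
    if not hits:
        print("No PromptSnatcher extension IDs found in default Chrome profiles.")
    return 1 if hits else 0  # non-zero exit makes the check usable in fleet scripts


if __name__ == "__main__":
    sys.exit(main())
```

Run it under each user account on a host; a non-zero exit means one of the two listed extensions is still installed in a default profile.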
Reddit Discussion
Full write-up: MalExt Sentry - Malicious Browser Extension Tracker
Two Chrome extensions presenting as adblockers also intercept every prompt and response on ChatGPT, Claude, Gemini, Copilot, Grok, Perplexity, DeepSeek, and Meta AI, exfiltrating them to operator-controlled servers.
They also check whether you're a paid user on 5 of the 8 platforms (ChatGPT, Claude, Perplexity, Copilot, Gemini).
Both share the same capture engine, payload format, and partnerId.
Two brands, one operation.
- Smart Adblocker - Chrome Web Store `iojpcjjdfhlcbgjnpngcmaojmlokmeii`, 80k users
- Adblock for Browser - Chrome Web Store `jcbjcocinigpbgfpnhlpagidbmlngnnn`, 10k users
Report covers the IOCs, live remote config, reproduction curl, and full target breakdown.
Chrome Web Store abuse reports filed.
Technical Details
- Source Type: Subreddit (netsec)
- Reddit Score: 0
- Discussion Level: minimal
- Content Source: reddit_link_post
- Post Type: link
- Domain: null
- Newsworthiness Assessment: {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source: true
- Trusted Domain: false
Threat ID: 6a2ddc14e617e2d8344f4d01
Added to database: 6/13/2026, 10:39:16 PM
Last enriched: 6/13/2026, 10:39:22 PM
Last updated: 6/14/2026, 4:57:25 AM
Views: 11