Fake AI Chrome Extensions Steal 900K Users' Data - Dark Reading

Threat actors deployed malicious Chrome extensions, posing as legitimate AI tools, to steal sensitive user data by exfiltrating LLM conversations and browser activity to a command-and-control (C2) server. These extensions, affecting over 900,000 users, enabled the theft of proprietary code, business strategies, financial details, and credentials, posing significant risks of corporate espionage and identity theft.