Malware · Apr 3, 2026

Fake ChatGPT Ad Blocker Chrome Extension Caught Spying on Users

Fake ChatGPT Ad Blocker Chrome extension harvested user conversations via Discord webhook.

Summary

A malicious Chrome extension named 'ChatGPT Ad Blocker' was distributed via the Google Chrome Web Store, claiming to block ads while actually harvesting ChatGPT conversations and sending them to attackers via a Discord bot called Captain Hook. The developer, linked to online handle krittinkalra and platforms Writecream and AI4ChatCo, used DOM cloning to extract text longer than 150 characters and checked GitHub hourly for remote command updates. Suspicious domains including blockaiads.com, openadblock.com, and gptadblock.com were associated with the scam campaign.

Full text

A fake Chrome browser extension called ‘ChatGPT Ad Blocker’ was harvesting conversations of ChatGPT users in the name of offering an ad-free experience.

By Deeba Ahmed, April 3, 2026

As OpenAI introduces adverts for its free-tier users, a new wave of scams is already looking to cash in. DomainTools, a team of internet infrastructure monitors, has identified a malicious Chrome extension titled ChatGPT Ad Blocker, which was available on the official Google Chrome Web Store as recently as 10 February 2026.

While users thought they were simply blocking ads from their screens, the extension was actually keeping an eye on their conversations with the ChatGPT AI chatbot.

The trick is simple but effective. When a user opens ChatGPT, the extension executes a process called cloning the DOM. In simple words, it creates a copy of everything on the page and then filters out images and styles to focus purely on the text (your private prompts and the AI’s answers).

According to DomainTools’ investigation, the extension flagged any text longer than 150 characters and sent the entire conversation to a private channel on the messaging app Discord. The data was intercepted by a bot, interestingly named Captain Hook, which stored the stolen conversations for the hackers to read later. To keep the operation hidden, the tool checked a GitHub file every hour for new instructions, allowing the attackers to change their tactics remotely without the user ever suspecting a thing.

Links to major AI apps

The developer accused of running this malicious extension goes by the online handle of krittinkalra, and is not a random hacker; they are also linked to popular AI platforms Writecream and AI4ChatCo, which claim to have over 1.5 million users.
“This identified activity appears to be positioning to take advantage of the dramatic shift in OpenAI’s policy to serve up advertisements to its free tier users by distributing malicious Chrome extensions alleging to block ChatGPT ads. Specifically, the extension’s primary purpose is data harvesting, stealing the full conversation structure, user prompts, and metadata, and exfiltrating it via a Discord webhook. Again, it begs the question, does the risk extend to other apps created by the same developer?” the DomainTools blog post reads.

While there is currently no proof that these other apps are stealing data, the developer’s sudden move from harmless phone software to data-stealing malware has raised serious alarms. For your information, the account had been inactive for five years before suddenly resurfacing with this malicious tool. It could be that their account was compromised to spread the malicious extension.

[Image: The malicious extension (Source: DomainTools)]

The cost of ‘free’

Researchers have also linked the scam to several suspicious websites, including blockaiads.com, openadblock.com, and gptadblock.com. Further probing revealed that the stolen data includes not just the chats themselves, but also technical metadata and the state of the user’s interface.

While ads are annoying, having your private chats and business data broadcast to a stranger is a far higher price to pay. DomainTools suggests that the safest way to avoid ads is through official settings, as any third-party “middleman” app is perfectly placed to listen in on your most private conversation. For now, you should treat any tool linked to this developer with suspicion.
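The behaviour described above (access to ChatGPT pages, a DOM clone, a Discord webhook upload, and an hourly GitHub check) can be screened for when auditing unpacked extension directories. The following is an added example, not code from the article or from DomainTools; the regex heuristics, the risk tiers and the sample files are assumptions constructed for illustration.

```python
import json
import re

# Heuristics assumed for this example; they are not signatures from the DomainTools report.
CHATGPT_HOSTS = ("chatgpt.com", "chat.openai.com")
BROAD_MATCHES = ("<all_urls>", "*://*/*", "https://*/*")
SIGNALS = {
    "dom_clone": re.compile(r"\.cloneNode\s*\(\s*true\s*\)"),
    "discord_webhook": re.compile(r"discord(?:app)?\.com/api/webhooks/", re.I),
    "github_fetch": re.compile(r"raw\.githubusercontent\.com|api\.github\.com", re.I),
    "hourly_timer": re.compile(r"periodInMinutes\s*:\s*60\b|\b3600000\b"),
}

def targets_chatgpt(manifest):
    """True if a content script or host permission covers a ChatGPT origin."""
    patterns = list(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return any(p in BROAD_MATCHES or any(h in p for h in CHATGPT_HOSTS) for p in patterns)

def audit_extension(files):
    """files maps relative path -> text of one unpacked extension directory."""
    on_chatgpt = targets_chatgpt(json.loads(files["manifest.json"]))
    hits = {}
    for path, text in files.items():
        if path.endswith((".js", ".html")):
            for name, rx in SIGNALS.items():
                if rx.search(text):
                    hits.setdefault(name, []).append(path)
    # Page access + DOM copy + webhook upload is the combination the article describes.
    verdict = "low"
    if on_chatgpt and "dom_clone" in hits and "discord_webhook" in hits:
        verdict = "high"
    elif "discord_webhook" in hits or (on_chatgpt and hits):
        verdict = "review"
    return {"targets_chatgpt": on_chatgpt, "signals": hits, "verdict": verdict}

# Constructed samples: inert fragments with placeholder URLs, not code from the real extension.
MANIFEST = json.dumps(
    {"content_scripts": [{"matches": ["https://chatgpt.com/*"], "js": ["content.js"]}]})
SUSPICIOUS = {
    "manifest.json": MANIFEST,
    "content.js": "const copy = document.body.cloneNode(true);",
    "bg.js": 'chrome.alarms.create("cfg", { periodInMinutes: 60 });\n'
             'const CFG = "https://raw.githubusercontent.com/EXAMPLE/EXAMPLE/main/cfg.json";\n'
             'const HOOK = "https://discord.com/api/webhooks/0000/PLACEHOLDER";',
}
BENIGN = {"manifest.json": MANIFEST,
          "content.js": 'document.querySelectorAll(".ad-slot").forEach(e => e.remove());'}

if __name__ == "__main__":
    print(audit_extension(SUSPICIOUS)["verdict"], audit_extension(BENIGN)["verdict"])
```

A "high" or "review" verdict is a prompt for manual inspection of the listed files, since minified or obfuscated code can hide these strings and legitimate extensions can contain some of them.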

Indicators of Compromise

  • domain — blockaiads.com
  • domain — openadblock.com
  • domain — gptadblock.com
  • malware — ChatGPT Ad Blocker
  • malware — Captain Hook

Entities

  • Chrome (product)
  • ChatGPT (product)
  • Google (vendor)
  • OpenAI (vendor)
  • krittinkalra (threat_actor)
  • Discord (technology)