Malicious browser extensions disguised as ad blockers have been secretly harvesting artificial intelligence chat conversations from roughly 90,000 users, according to findings released by security researchers at MalExt Sentry on June 13, 2026. The operation, named PromptSnatcher by the investigating team, shows that the extensions perform their stated function – blocking advertisements – while simultaneously recording complete exchanges with eight major AI platforms, including ChatGPT and Gemini, without users’ knowledge.
Extensions Share a Common Infrastructure
The two extensions identified in the campaign are “Smart Adblocker” (extension ID iojpcjjdfhlcbgjnpngcmaojmlokmeii), with approximately 80,000 users, and “Adblock for Browser” (ID jcbjcocinigpbgfpnhlpagidbmlngnnn), with roughly 10,000 users. Both rely on the same hidden data-collection system, which researchers track internally as “Panel 231,” and use public filter lists to deliver genuine ad blocking as cover. To make the data interception harder to detect, the extensions present a consent prompt for something labeled “Enhanced Protection,” which makes no mention of logging AI chat content.
Which Platforms and Data Are Affected
The data engine built into the extensions targets ChatGPT, Gemini, Claude, Copilot, Perplexity, DeepSeek, Grok, and Meta AI. It captures conversations directly from website traffic, storing up to 10,000 characters for user prompts and up to 30,000 characters for AI-generated responses. The software also records the specific model in use and whether the account holds a paid subscription. All harvested information is exfiltrated to servers controlled by the developers. Meta AI was not initially referenced in the extension code, though researchers note that tracking could be switched on later through remote configuration.
Sensitive Information at Risk
AI chatbot conversations frequently contain highly personal or proprietary information, including health inquiries, financial details, job application materials, passwords, and internal company data. Many users operate under the assumption that interactions on platforms like ChatGPT or Gemini remain private, an expectation these extensions deliberately exploit. The Firefox versions of both add-ons carry a particularly deceptive label, explicitly stating that no data is being collected while engaging in the opposite behavior.
Users should immediately check their browsers for “Smart Adblocker” and “Adblock for Browser” and remove them if found. More broadly, it is wise to audit all extensions that have permission to read site data and uninstall any that are unfamiliar or no longer needed. For ad blocking, security experts recommend sticking to reputable open-source alternatives. As a general practice, treat AI chat services as semi-private spaces and avoid entering passwords, identification numbers, or confidential business information that you would not share with a stranger. This incident underscores that even extensions appearing harmless can capture deeply personal data at scale.
Sources: malext.io, cybersecuritynews.com