Full write-up: MalExt Sentry - Malicious Browser Extension Tracker
Two Chrome extensions presenting as adblockers also intercept every prompt and response on ChatGPT, Claude, Gemini, Copilot, Grok, Perplexity, DeepSeek, and Meta AI, exfiltrating them to operator-controlled servers.
They also check whether you're a paid user on 5 of the 8 platforms
(ChatGPT, Claude, Perplexity, Copilot, Gemini).
Both share the same capture engine, payload format, and partnerId.
Two brands, one operation.
- Smart Adblocker - Chrome Web Store `iojpcjjdfhlcbgjnpngcmaojmlokmeii`, 80k users
- Adblock for Browser - Chrome Web Store `jcbjcocinigpbgfpnhlpagidbmlngnnn`, 10k users
Report covers the IOCs, live remote config, reproduction curl, and full target breakdown.
Chrome Web Store abuse reports filed.
[link] [comments]
No comments:
Post a Comment