According to security researchers at Koi, the Google Chrome extension targeted conversations across 10 AI platforms, namely, ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI) and Meta AI. For each platform, the extension used a dedicated “executor” script, which helped intercept and capture the users’ conversations, with researchers saying that the only way to stop data collection was to uninstall the extension.

Researchers also found out that Urban Proxy VPN started intercepting and collecting AI chatbot interactions with version 5.5.0, which was released earlier this year in July. By injecting scripts into chatbots like ChatGPT and Gemini, the extension was able to read messages and responses and send back data like prompts, responses, timestamps and session metadata back to Urban VPN’s servers.

As it turns out, Urban VPN Proxy isn’t the only malicious Chrome extension that made its way to the store. The malicious code was also discovered in seven other extensions that were made by the same developer. This included 1ClickVPNProxy, Urban Browser Guard and Urban Ad Blocker.

Since Chrome extensions update automatically by default, users who had installed Urban VPN were largely unaware that their conversations with AI chatbots were being collected. As a result, chats with services like Gemini, ChatGPT, and others were captured and exfiltrated without users’ knowledge. For those unfamiliar, Urban VPN Proxy is owned by Urban Cyber Security Inc, a company affiliated with data broker BiScience. According to reports, the harvested data is being sold to marketing and analytics firms.