惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Application and Cybersecurity Blog
Application and Cybersecurity Blog
B
Blog RSS Feed
M
MIT News - Artificial intelligence
爱范儿
爱范儿
V
V2EX
雷峰网
雷峰网
D
Docker
美团技术团队
N
Netflix TechBlog - Medium
C
Cisco Blogs
T
Threatpost
K
Kaspersky official blog
P
Privacy International News Feed
W
WeLiveSecurity
T
Tor Project blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
F
Full Disclosure
Forbes - Security
Forbes - Security
V
Vulnerabilities – Threatpost
I
Intezer
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Google Online Security Blog
Google Online Security Blog
The Register - Security
The Register - Security
GbyAI
GbyAI
Security Archives - TechRepublic
Security Archives - TechRepublic
Help Net Security
Help Net Security
人人都是产品经理
人人都是产品经理
SecWiki News
SecWiki News
Cyberwarzone
Cyberwarzone
Vercel News
Vercel News
罗磊的独立博客
The Hacker News
The Hacker News
腾讯CDC
S
Security @ Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
Recorded Future
Recorded Future
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 【当耐特】
小众软件
小众软件
Hacker News: Ask HN
Hacker News: Ask HN
P
Proofpoint News Feed
TaoSecurity Blog
TaoSecurity Blog
IT之家
IT之家
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
S
Security Affairs
C
Check Point Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

DomainTools Investigations

DomainTools Investigations DomainTools Investigations | Threat Intelligence Report: The Pro-Iran Hacktivist Ecosystem 2026 Eighteen Newsletters and a Dozen Roses Threat Intelligence Report: Nation-State Targeting of Water Systems 2024–2026 The APT35 Dump Episode 4: Leaking The Backstage Pass To An Iranian Intelligence Operation Threat Intelligence Report: Russia, Router, DNS, and Messaging-Layer Collection Operations SecuritySnack - Hijacking Corporate Sessions Threat Intelligence Report: ZionSiphon OT Malware First Attempts? Psyops? Both? Threat Intelligence Report: The SDA / Structura / Doppelgänger, Influence Operations, Infrastructure, Reach, and Potential Edge of Seventeen (Newsletters) Cybersecurity Reading List - Week of 2026-06-01 Chinese Malware Delivery Domains Part II: Data Collection Cybersecurity Reading List - Week of 2026-05-04 Sixteen going on Seventeen Newsletters DPRK Contagious Interview: Developer Workflow Compromise The AI Frame Campaign Continues MOIS Linked MOIST GRASSHOPPER / Homeland Justice / KarmaBelow80 / Handala Hackers / Campaigns and Evolution Fifteen (Newsletters) On A Skateboard Handala: MOIS Linked Cyber Influence Ecosystem Threat Intelligence Assessment Cybersecurity Reading List - Week of 2026-04-06 DPRK Malware Modularity: Diversity and Functional Specialization Exposure of TLS Private Key for Myclaw 360 in Qihoo 360 “Security Claw” AI Platform SecuritySnack - CloudFlare Anti-Security For Phishing Fourteen Newsletters and Fifteen Winters Cybersecurity Reading List - Week of 2026-03-02 Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026 SecuritySnack - Idolized Crypto Scams Lotus Blossom (G0030) and the Notepad++ Supply-Chain Espionage Campaign Seven Nation Newsletter: I'm goin' to Wichita! Guess who's back, back again? DTI’s back, tell a friend! CTI Grapevine Becomes DomainTools Investigations Thirteen Silver Newsletters Newsletter Number 9, Keep On Movin' Down The Line Eight Days a Newsletter: I lo-o-o-ove research! Newsletter No. 5: A Little Bit of Research in my life… Tenth Newsletter Freeze-Out Newsletter 11 Could Take Forever 1, 2, 3, 4 Tell Me That You Love Newsletters It's 6’n the Mornin’ (and my Newsletter at your door!) DT Investigations - Security Research for the Community March 2025 DTI Newsletter: I Like Newsletters and I Cannot Lie
SecuritySnack - OpenAI Anti-Ads Malware
DomainTools · 2026-04-01 · via DomainTools Investigations

This report details the discovery of a malicious Chrome extension, named "ChatGPT Ad Blocker", found on the Google Chrome Web Store. The extension, linked to the GitHub ID krittinkalra (also linked to AI4ChatCo and Writecream), masquerades as an ad-blocking tool but is primarily designed to steal the user’s ChatGPT conversations data by systematically copying the HTML page and sending to it to a webhook on a private Discord channel.

The identified activity appears to be an attempt to capitalize on OpenAI's policy shift to serve advertisements on its free tier by distributing malicious extensions that allege to block these ads.

While the three domains identified with the website above were not fully functional at the time of discovery, in that they did not have a working pointer to the extension file, two newly created extensions by the same name and theme were found on Google’s Chrome Web store for extensions.

Extension Name: ChatGPT Ad Blocker
Extension ID: ipmmidjikiklckbngllogmggoofbhjikgb
Created: February 10, 2026
Developer: krittinkalra (GitHub ID: 6893033)

Email Domain: ai4chat[.]co

Malicious Extension

Upon installing the extension chrome.runtime.onInstalled fires immediately. 

This calls updateRules() to fetch remote configuration that creates a persistent alarm: chrome.alarms.create("fetchRules", {periodInMinutes: 60}) and fetches from: `https[:]//raw.githubusercontent[.]com/krittinkalra/chatgpt-ad-blocker/main/rules.json`

The alarm triggers every 60 minutes: chrome.alarms.onAlarm.addListener()and re-fetches rules.json with cache-busting: RULES_URL?t=${Date.now()}. This ensures the browser never caches configuration and would enable the attacker to remotely change the behavior of the extension without user knowledge. 

When the user browses to ChatGPT, the content.js script is injected, loading stored rules from chrome.storage.local. The current configuration was found to have the Ad-blocking function disabled. Instead, it registers a message listener for exfiltration trigger: chrome.runtime.onMessage.addListener()   

The primary purpose of the extension appears to be data harvesting. 

It appears to do this from popup.js → content.js scripts in which popup.js sends messages to content.js script: chrome.tabs.sendMessage(tab.id, {action: "GET_SANITIZED_HTML"}). The content.js script then calls getSanitizedHTML(). This function clones the entire DOM document.body.cloneNode(true) , removes rendering elements (scripts, styles, images) but preserves the text/structure of the page. It then walks text nodes, redacts only text > 150 chars if (node.nodeValue.length > 150) and returns full HTML structure with short text intact to popup.js script.  

With the prompt content from the page, popup.js then sends the captured user data to sendReport() function popup.js - sendReport(), which creates a discord embed payload content: "**New Ad Report Received**" by converting the captured HTML to Blob new Blob([htmlData], {type: 'text/html'}), builds FormData with file attachment formData.append('file', blob, 'page_dump.html') and posts to a hardcoded Discord webhook. 

https[:]//discord[.]com/api/webhooks/1470672111038103553/zkuhZvXgJ1auAbCTASubhGNF-wB2iTKVnvnp_uh3mCE8unGTTZBx49B6ZQzrEupkwr_f

The Discord channel receives a message with something like:

Discord Message: "**New Ad Report Received**"
Attached File: page_dump.html
Metadata: {Timestamp}

The content of the attachment being the full ChatGPTpage structure with user prompts, conversation metadata, UI state.

Discord Channel ID: 1470671197644783657
Webhook ID: 1470672111038103553
Webhook Bot Name: "Captain Hook"
Target Domain: chatgpt[.]com/* (all paths)
GitHub Rules URL: https[:]//raw.githubusercontent[.]com/krittinkalra/chatgpt-ad-blocker/main/rules.json

Having identified the suspected Github content retrieval as part of the extension’s core logic, we investigated the account “krittinkalra” as possibly associated with this activity and noted a trend in past projects leading up to the identified malicious application. As a disclaimer, we are not attributing the alleged persona in the identified account but instead following a lead about the account itself.

  • GitHub Account Age: ~12 years (created ~2014)
  • Previous Activity: Android kernel development (C/C++, 2014-2020)
  • Activity Gap: 5+ years dormant (October 2020 - February 2026)
  • Skill Pivot: C/C++ kernel developer → JavaScript malware (no transition)

The link to Github alias “krittinkalra” is also linked to the extension on Chrome Web Store and X (formerly Twitter). On X, the persona stated they also created AI4ChatCo and Writecream.

https[:]//x[.]com/krittinkalra

https[:]//www.youtube[.]com/channel/UCnIvSeWwZ95c92a_PUiNdQQ

Writecream alleges to generate marketing content, sales emails, blog articles, and stunning visuals in seconds with AI. AI4ChatCo alleges it is an AI platform integrating models like ChatGPT and Stable Diffusion to offer advanced chatbots, content generation, and workflow automation for over 1.5 million users worldwide.

It begs the question, is there similar user data theft, privacy violations, and malware in those apps?

Conclusion

Ads aren’t normally what we want to see, but malware and our private data and conversations being stolen is certainly lower on the list. This identified activity appears to be positioning to take advantage of the dramatic shift in OpenAI’s policy to serve up advertisements to its free tier users by distributing malicious Chrome extensions alleging to block ChatGPT ads. Specifically, the extension's primary purpose is data harvesting—stealing the full conversation structure, user prompts, and metadata—and exfiltrating it via a Discord webhook. Again, it begs the question, does the risk extend to other apps created by the same developer persona, krittinkalra, like AI4ChatCo and Writecream, which warrants further investigation into similar user data theft or privacy violations.

Security Advisory:

  • Be Skeptical: Treat any extension, especially those that promise to block ads on high-value sites, with extreme suspicion and scrutinize its requested permissions.
  • Investigate Related Services: Due to the developer's suspicious activity treat the affiliated services, AI4ChatCo and Writecream, as potentially compromised until proven otherwise.
  • Caution with Out-of-Band Services: Be extremely cautious with out-of-band AI services, such as those acting as intermediaries, resellers or add-ons. There is no guarantee they are acting in your best interest regarding your privacy and security and are well positioned to read and/or modify your conversations.

IOCs

blockaiads[.]com
openadblock[.]com
gptadblock[.]com