Urban VPN Malware Detector - 8M+ Users Affected
PYTHON
Cross-platform Python script to detect malicious Urban VPN browser
extensions that silently harvest AI conversations from ChatGPT, Claude,
Gemini, and other platforms. Affects 8+ million Chrome/Edge users.
Works on Windows, macOS, and Linux with zero dependencies.
UPLOADED: 2026.02.06
ID: urbanvpn-detector //
LANG: Python //
LINES: 300
#!/usr/bin/env python3
"""
Urban VPN Malicious Extension Detector
Checks for presence of malicious extensions that harvest AI conversations
Supports: Windows, macOS, Linux
"""
import os
import sys
import json
import platform
from pathlib import Path
from typing import List, Dict, Tuple
# Indicator table: browser key -> extension ID -> display details.
# Detection elsewhere in this script is purely "a directory with this ID
# exists under a profile's Extensions folder", so the IDs are the only
# fields that affect the scan result. 'users' (install counts, kept as
# display strings) and 'severity' are reporting metadata only.
# NOTE(review): IDs are reproduced as published with this script; confirm
# them against the write-up linked in print_results before relying on them.
MALICIOUS_EXTENSIONS = {
    browser: {
        ext_id: {'name': name, 'users': users, 'severity': 'CRITICAL'}
        for ext_id, name, users in rows
    }
    for browser, rows in (
        ('chrome', (
            ('eppiocemhmnlbhjplcgkofciiegomcon', 'Urban VPN Proxy', '6,000,000'),
            ('pphgdbgldlmicfdkhondlafkiomnelnk', '1ClickVPN Proxy', '600,000'),
            ('almalgbpmcfpdaopimbdchdliminoign', 'Urban Browser Guard', '40,000'),
            ('feflcgofneboehfdeebcfglbodaceghj', 'Urban Ad Blocker', '10,000'),
        )),
        ('edge', (
            ('nimlmejbmnecnaghgmbahmbaddhjbecg', 'Urban VPN Proxy', '1,323,622'),
            ('deopfbighgnpgfmhjeccdifdmhcjckoe', '1ClickVPN Proxy', '36,459'),
            ('jckkfbfmofganecnnpfndfjifnimpcel', 'Urban Browser Guard', '12,624'),
            ('gcogpdjkkamgkakkjgeefgpcheonclca', 'Urban Ad Blocker', '6,476'),
        )),
    )
}
def get_chrome_extension_paths() -> List[Path]:
    """Return the Chrome (and, on Linux, Chromium) user-data roots for this OS.

    Despite the name, these are the browser's user-data directories, not the
    per-profile ``Extensions`` folders; callers resolve profiles beneath them.

    Returns:
        A list of candidate directories. Empty when the OS is not one of
        Windows/Darwin/Linux, or on Windows when ``LOCALAPPDATA`` is unset.
        The paths are not checked for existence here.
    """
    os_name = platform.system()

    if os_name == 'Windows':
        appdata_root = os.getenv('LOCALAPPDATA', '')
        # An unset/empty LOCALAPPDATA yields no candidates rather than a
        # relative path rooted at the current working directory.
        if not appdata_root:
            return []
        return [Path(appdata_root) / 'Google' / 'Chrome' / 'User Data']

    if os_name == 'Darwin':  # macOS
        return [Path.home() / 'Library' / 'Application Support' / 'Google' / 'Chrome']

    if os_name == 'Linux':
        user_home = Path.home()
        return [
            user_home / '.config' / 'google-chrome',
            user_home / '.config' / 'chromium',  # Chromium shares the same extension IDs
        ]

    return []
def get_edge_extension_paths() -> List[Path]:
    """Return the Microsoft Edge user-data roots for this OS.

    As with the Chrome helper, the result is the browser's user-data
    directory; the per-profile ``Extensions`` folders live beneath it.

    Returns:
        A list of candidate directories. Empty when the OS is not one of
        Windows/Darwin/Linux, or on Windows when ``LOCALAPPDATA`` is unset.
        The paths are not checked for existence here.
    """
    os_name = platform.system()

    if os_name == 'Windows':
        appdata_root = os.getenv('LOCALAPPDATA', '')
        if not appdata_root:
            return []
        return [Path(appdata_root) / 'Microsoft' / 'Edge' / 'User Data']

    if os_name == 'Darwin':  # macOS
        return [Path.home() / 'Library' / 'Application Support' / 'Microsoft Edge']

    if os_name == 'Linux':
        return [Path.home() / '.config' / 'microsoft-edge']

    return []
def get_all_profiles(base_path: Path) -> List[Path]:
    """Collect the ``Extensions`` directory of every profile under *base_path*.

    Only two kinds of profile directory are considered: ``Default`` and any
    directory whose name starts with ``Profile`` (``Profile 1``, ...). A
    profile stored under any other directory name is not scanned.

    Args:
        base_path: Browser user-data root.

    Returns:
        Existing ``<profile>/Extensions`` paths, ``Default`` first; an empty
        list when *base_path* does not exist.
    """
    if not base_path.exists():
        return []

    extension_dirs = []

    default_extensions = base_path / 'Default' / 'Extensions'
    if default_extensions.exists():
        extension_dirs.append(default_extensions)

    # Numbered profiles: "Profile 1", "Profile 2", ...
    candidates = (
        entry / 'Extensions'
        for entry in base_path.iterdir()
        if entry.is_dir() and entry.name.startswith('Profile')
    )
    extension_dirs.extend(path for path in candidates if path.exists())

    return extension_dirs
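def check_extension_installed(extension_id: str, extension_path: Path) -> Tuple[bool, str]:
    """Report whether *extension_id* has a directory under *extension_path*.

    Presence is decided solely by the directory ``extension_path/extension_id``
    existing; the manifest is read only to obtain a version string. An empty
    or leftover directory therefore still counts as installed.

    Args:
        extension_id: Extension ID to look for.
        extension_path: A profile's ``Extensions`` directory.

    Returns:
        ``(is_installed, version)``. ``version`` is ``""`` when not installed,
        the manifest's ``version`` when it is a printable non-empty string,
        otherwise the version directory's name, or ``"unknown"`` when no
        version directory contains a ``manifest.json``.
    """
    ext_dir = extension_path / extension_id
    # is_dir() rather than exists(): a plain file with the ID's name is not an
    # installed extension and would make iterdir() raise.
    if not ext_dir.is_dir():
        return False, ""

    # Sorted so the reported version is deterministic when several version
    # directories are present (iterdir() order is arbitrary).
    for version_dir in sorted(ext_dir.iterdir()):
        if not version_dir.is_dir():
            continue
        manifest_path = version_dir / 'manifest.json'
        if not manifest_path.exists():
            continue

        try:
            with open(manifest_path, 'r', encoding='utf-8') as f:
                manifest = json.load(f)
        except (OSError, ValueError, RecursionError):
            # Unreadable, undecodable, malformed or pathologically nested
            # manifest: the extension is still present, so report it using
            # the directory name. KeyboardInterrupt/SystemExit propagate.
            return True, version_dir.name

        # The manifest belongs to an extension this tool treats as hostile and
        # the version is echoed to the terminal, so accept it only when it is
        # a printable, non-empty string (no control/escape characters).
        version = manifest.get('version') if isinstance(manifest, dict) else None
        if isinstance(version, str) and version and version.isprintable():
            return True, version
        return True, version_dir.name

    return True, "unknown"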
def scan_browser(browser_name: str, base_paths: List[Path], extension_list: Dict) -> List[Dict]:
    """Look for every listed extension ID in every profile of one browser.

    Args:
        browser_name: Label copied into each result record.
        base_paths: Browser user-data roots to search.
        extension_list: Mapping of extension ID to a dict with ``name``,
            ``users`` and ``severity`` keys.

    Returns:
        One record per (profile, extension ID) hit, with keys ``browser``,
        ``profile``, ``extension_id``, ``extension_name``, ``version``,
        ``total_users``, ``severity`` and ``path``.
    """
    hits = []
    for user_data_root in base_paths:
        for extensions_dir in get_all_profiles(user_data_root):
            # The profile is the directory that contains "Extensions".
            owning_profile = extensions_dir.parent.name
            for ext_id, details in extension_list.items():
                present, version = check_extension_installed(ext_id, extensions_dir)
                if not present:
                    continue
                hits.append(dict(
                    browser=browser_name,
                    profile=owning_profile,
                    extension_id=ext_id,
                    extension_name=details['name'],
                    version=version,
                    total_users=details['users'],
                    severity=details['severity'],
                    path=str(extensions_dir / ext_id),
                ))
    return hits
def print_banner():
    """Print the tool title plus the detected platform and Python version."""
    rule = "=" * 70
    os_summary = f"Platform: {platform.system()} {platform.release()}"
    interpreter = f"Python: {sys.version.split()[0]}"

    for line in (
        rule,
        " URBAN VPN MALICIOUS EXTENSION DETECTOR",
        " Checks for AI conversation harvesting extensions",
        rule,
        os_summary,
        interpreter,
        rule,
    ):
        print(line)
    print()
def print_results(found: List[Dict]):
    """Print the scan report for the given result records.

    With no records, prints an all-clear message and general hygiene advice.
    Otherwise prints one entry per record followed by remediation guidance.
    The report reflects only the records passed in; it makes no check of its
    own.

    Args:
        found: Result records with ``extension_name``, ``browser``,
            ``profile``, ``version``, ``severity``, ``extension_id`` and
            ``path`` keys.
    """
    if not found:
        for line in (
            "✅ GOOD NEWS: No malicious extensions detected!",
            "",
            "Your system appears clean. However, stay vigilant:",
            " • Only install extensions from trusted sources",
            " • Review extension permissions before installing",
            " • Regularly audit your installed extensions",
        ):
            print(line)
        return

    print(f"⚠️ WARNING: Found {len(found)} malicious extension(s)!")
    print()

    # One numbered entry per detected extension.
    for number, hit in enumerate(found, start=1):
        print(f"[{number}] {hit['extension_name']}")
        print(f" Browser: {hit['browser']}")
        print(f" Profile: {hit['profile']}")
        print(f" Version: {hit['version']}")
        print(f" Severity: {hit['severity']}")
        print(f" Extension ID: {hit['extension_id']}")
        print(f" Path: {hit['path']}")
        print()

    # Static remediation guidance; "" entries are blank lines.
    rule = "=" * 70
    guidance = (
        rule,
        "⚠️ IMMEDIATE ACTION REQUIRED!",
        rule,
        "",
        "These extensions harvest your AI conversations and sell them to",
        "data brokers. They capture:",
        " • All ChatGPT, Claude, Gemini, Copilot conversations",
        " • Your prompts and AI responses",
        " • Conversation metadata and timestamps",
        "",
        "WHAT TO DO NOW:",
        "",
        "1. UNINSTALL these extensions immediately:",
        " • Open your browser",
        " • Go to Extensions (chrome://extensions or edge://extensions)",
        " • Remove ALL detected extensions",
        "",
        "2. ASSUME YOUR DATA IS COMPROMISED:",
        " • Any AI conversations since July 2025 may have been harvested",
        " • Review what sensitive info you've shared with AI assistants",
        " • Consider changing passwords if you discussed them",
        "",
        "3. REPORT THE EXTENSIONS:",
        " • Chrome: chrome.google.com/webstore/report",
        " • Edge: microsoftedge.microsoft.com/addons/report-abuse",
        "",
        "For more information:",
        "https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection",
        "",
    )
    for line in guidance:
        print(line)
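def main():
    """Run the scan for Chrome/Chromium and Edge and print the report.

    Always terminates the process via ``sys.exit``:

    * ``0`` - scan completed, none of the listed extension IDs were found
    * ``1`` - scan completed, at least one listed extension ID was found
    * ``2`` - unsupported platform, no scan was performed
    """
    print_banner()

    # Check if running on mobile (shouldn't happen, but just in case)
    detected_os = platform.system()
    if detected_os not in ('Windows', 'Darwin', 'Linux'):
        print(f"⚠️ Unsupported platform: {detected_os}")
        print("This script supports Windows, macOS, and Linux only.")
        print("Mobile platforms (iOS/Android) are not affected by this vulnerability.")
        # Nothing was scanned. Returning here would end the process with
        # status 0, which a wrapper script cannot tell apart from a clean
        # scan, so signal "not scanned" with a distinct status.
        sys.exit(2)

    print("🔍 Scanning for malicious extensions...")
    print()

    found_extensions = []

    # Scan Chrome
    print("Checking Chrome/Chromium...")
    chrome_paths = get_chrome_extension_paths()
    chrome_found = scan_browser('Chrome', chrome_paths, MALICIOUS_EXTENSIONS['chrome'])
    found_extensions.extend(chrome_found)
    print(f" Found {len(chrome_found)} malicious Chrome extension(s)")

    # Scan Edge
    print("Checking Microsoft Edge...")
    edge_paths = get_edge_extension_paths()
    edge_found = scan_browser('Edge', edge_paths, MALICIOUS_EXTENSIONS['edge'])
    found_extensions.extend(edge_found)
    print(f" Found {len(edge_found)} malicious Edge extension(s)")

    print()
    print("=" * 70)
    print()

    # Print results
    print_results(found_extensions)

    # Exit with appropriate code: 1 when anything was detected, else 0
    sys.exit(1 if found_extensions else 0)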
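if __name__ == '__main__':
    try:
        main()
    except KeyboardInterrupt:
        print("\n\n⚠️ Scan interrupted by user")
        sys.exit(130)
    except Exception as e:
        # main() exits with status 1 when a listed extension is detected, so a
        # failed scan must not reuse 1: automation keyed on the exit status
        # would read a crash as a detection. Use 2 and report on stderr.
        print(f"\n❌ Error during scan: {e}", file=sys.stderr)
        print("Please report this issue with your platform details.", file=sys.stderr)
        sys.exit(2)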