CRITICAL: 8M Users' AI Conversations Harvested by "Privacy" Extensions
TL;DR: Urban VPN and related Chrome/Edge extensions silently exfiltrate your ChatGPT, Claude, and Gemini conversations to data brokers. Built a cross-platform detector - check the CODE section.
The Threat
Koi Security discovered 8 "Featured" browser extensions running a massive surveillance op. They override fetch() and XMLHttpRequest to intercept ALL AI platform traffic - even when the VPN is disconnected.
Targeted Platforms:
ChatGPT • Claude • Gemini • Copilot • Perplexity • DeepSeek • Grok • Meta AI
Attack Timeline:
July 9, 2025: v5.5.0 silently added harvesting via auto-update
Data exfiltrated to analytics.urban-vpn.com
8M+ users affected across Chrome/Edge
The Scanner
Built a multi-platform detector (Windows/macOS/Linux) that scans for all 8 malicious extension IDs. Zero dependencies, completely offline.
→ Get the scanner in my CODE section
Malicious Extension IDs:
eppiocemhmnlbhjplcgkofciiegomcon - Urban VPN (6M users)
pphgdbgldlmicfdkhondlafkiomnelnk - 1ClickVPN (600K)
Plus 6 more variants (see scanner output)
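For readers who want to see what such a check involves, here is a minimal sketch added as an example; it is not the author's scanner. It assumes the default Chrome and Edge profile locations on each OS (other Chromium browsers and custom user-data directories are not covered) and knows only the two IDs listed above.

```python
import os
import sys
from pathlib import Path

# Only the two IDs this page lists; the other six are not given here, so add
# them from the Koi Security report before treating a clean result as final.
FLAGGED = {
    "eppiocemhmnlbhjplcgkofciiegomcon": "Urban VPN",
    "pphgdbgldlmicfdkhondlafkiomnelnk": "1ClickVPN",
}

def user_data_roots(home=None, platform=sys.platform, env=os.environ):
    """Default Chrome and Edge user-data directories for the given OS."""
    home = Path(home) if home else Path.home()
    if platform.startswith("win"):
        base = Path(env.get("LOCALAPPDATA", home / "AppData" / "Local"))
        return [base / "Google" / "Chrome" / "User Data",
                base / "Microsoft" / "Edge" / "User Data"]
    if platform == "darwin":
        base = home / "Library" / "Application Support"
        return [base / "Google" / "Chrome", base / "Microsoft Edge"]
    return [home / ".config" / "google-chrome", home / ".config" / "microsoft-edge"]

def scan(roots, flagged=FLAGGED):
    """Return (name, ext_id, profile_dir, versions) per flagged extension found."""
    hits = []
    for root in roots:
        if not root.is_dir():
            continue
        # Each profile ("Default", "Profile 1", ...) has its own Extensions dir.
        for ext_dir in sorted(root.glob("*/Extensions")):
            for ext_id, name in flagged.items():
                installed = ext_dir / ext_id
                if installed.is_dir():
                    # Subdirectories are installed versions, e.g. "5.5.0_0".
                    versions = sorted(p.name for p in installed.iterdir() if p.is_dir())
                    hits.append((name, ext_id, ext_dir.parent, versions))
    return hits

if __name__ == "__main__":
    found = scan(user_data_roots())
    for name, ext_id, profile, versions in found:
        print(f"FLAGGED {name} ({ext_id}) in {profile} versions={versions}")
    print(f"{len(found)} flagged extension(s) found")
    sys.exit(1 if found else 0)
```

The exit code is non-zero when anything is flagged, so the script can be run from a login script or fleet-management job and alerted on.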
What Gets Stolen
Every prompt, every response, conversation metadata, timestamps. Medical questions, financial details, proprietary code - all sold for "marketing analytics."
Mitigation
Grab the scanner from my CODE section
Uninstall any flagged extensions
Assume July 2025+ AI conversations are compromised
Source: Koi Security Research
Stay paranoid. Review your extensions.
