Security Report: Urban VPN Proxy Extension Causing Active Malware and System Damage

[Ashutosh Sharma]

Hello Chrome Extensions Security Team,

I am reporting a Chrome extension that appears to be malicious and is actively flagged by Windows Security, with severe impact on my device.

Extension name: Urban VPN Proxy
Extension ID: veppiocehmnblhjplcgkofciegomcon
Affected component: service_worker/index.js
Chrome version: Latest stable (Windows)

Windows Defender detects this extension as Trojan/ChatGPTStealer!MSR (Severe) and reports that it executes remote commands and runs persistently through Chrome service workers. The threat remains active until the extension and its related policies are forcibly removed.

After installation and use of this extension, my system experienced serious issues, including abnormal CPU usage, device overheating, performance degradation, and data integrity concerns. These effects required immediate remediation and posed a risk to both system stability and hardware safety.

This extension was installed from the Chrome Web Store and repeatedly reinstalls itself through background mechanisms, which strongly suggests policy abuse or service worker persistence.

Please investigate this extension for credential theft, remote command execution, persistence behavior, and potential system harm, and take appropriate action if confirmed.

I am happy to provide logs, screenshots, or additional technical details if required.

Regards,
Ashutosh Sharma