Fake AI Chrome Extensions Steal User Data from 300,000 Victims

Security Reporter

Security researchers uncover 30 malicious Chrome extensions masquerading as AI tools that steal credentials, emails, and browsing data from hundreds of thousands of users.

A sophisticated campaign targeting Chrome users has been uncovered, involving 30 malicious browser extensions that have collectively amassed over 300,000 installations while masquerading as legitimate AI productivity tools. The campaign, dubbed "AiFrame" by researchers at LayerX, represents a significant threat to user privacy and security across the Chrome ecosystem.

The Scale of the Threat

The malicious extensions span a range of fake AI tools, with some still actively available on the Chrome Web Store despite their dangerous capabilities. Among the most widely installed are:

  • AI Sidebar (70,000 users)
  • AI Assistant (60,000 users)
  • ChatGPT Translate (30,000 users)
  • AI GPT (20,000 users)

What makes this campaign particularly concerning is that these extensions don't just collect basic browsing data—they actively target sensitive information including email content, authentication credentials, and even voice conversations from users' environments.

How the Attack Works

Unlike malware whose logic is fixed in the package the user installs, these extensions employ an architecture that allows attackers to modify their behavior remotely without triggering Chrome's security review process. Each extension renders a full-screen iframe that loads content from a remote domain (tapnetic[.]pro), effectively creating a backdoor whose behavior can be changed at any time.

"This architecture is particularly dangerous because it allows the extension operators to change the logic at any time without pushing an update," explains LayerX's research team. "They can avoid a new review process entirely, just like in the case of Microsoft Office Add-ins."

Gmail Targeting and Email Theft

One of the most alarming aspects of the AiFrame campaign is its sophisticated targeting of Gmail users. A subset of 15 extensions specifically focuses on extracting email content using a dedicated content script that activates at 'document_start' on 'mail.google.com'.

These extensions inject UI elements directly into Gmail's interface and use JavaScript to read visible email content from the DOM. The attack is comprehensive—it captures not only read emails but also drafts, potentially exposing sensitive communications before they're even sent.

When users invoke Gmail-related features like AI-assisted replies or summaries, the extracted email content is transmitted to third-party backend infrastructure controlled by the attackers. This represents a significant breach of Gmail's security boundary, with potentially devastating consequences for both personal and business communications.
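The two indicators described above (a content script registered for mail.google.com at 'document_start', and a full-screen iframe sourced from a remote domain) can be checked mechanically against an unpacked extension. The following triage script is an added example written for this article, not LayerX's tooling; the manifest, the HTML fragment and the remote hostname are constructed samples.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample manifest modelled on the indicators described in the article.
SAMPLE_MANIFEST = json.dumps({
    "manifest_version": 3,
    "name": "AI Sidebar (constructed sample)",
    "permissions": ["storage"],
    "host_permissions": ["https://mail.google.com/*"],
    "content_scripts": [{
        "matches": ["https://mail.google.com/*"],
        "js": ["gmail.js"],
        "run_at": "document_start"
    }]
})

# Constructed sample of a side-panel page; the hostname is a placeholder, not a real indicator.
SAMPLE_HTML = '<iframe src="https://remote-panel.invalid/app" style="width:100%;height:100vh"></iframe>'

IFRAME_SRC = re.compile(r'<iframe[^>]*\bsrc=["\']([^"\']+)["\']', re.I)


def triage_manifest(manifest_json: str) -> list[str]:
    """Return findings for content-script registrations that match the AiFrame pattern."""
    findings = []
    manifest = json.loads(manifest_json)
    for cs in manifest.get("content_scripts", []):
        matches = cs.get("matches", [])
        # Normalise "*://host/*" patterns so urlparse can extract the hostname.
        hosts = {urlparse(m.replace("*://", "https://")).hostname for m in matches}
        if "mail.google.com" in hosts:
            # document_idle is Chrome's default when run_at is omitted.
            findings.append("content script registered for mail.google.com "
                            f"(run_at={cs.get('run_at', 'document_idle')})")
        if "<all_urls>" in matches:
            findings.append("content script registered for <all_urls>")
    return findings


def remote_iframes(html: str) -> list[str]:
    """Return hostnames of iframes that load content from outside the extension package."""
    hosts = []
    for src in IFRAME_SRC.findall(html):
        parsed = urlparse(src)
        # Relative paths (bundled pages) have no scheme; only http(s) sources are remote.
        if parsed.scheme in ("http", "https") and parsed.hostname:
            hosts.append(parsed.hostname)
    return hosts
```

Run both functions over every manifest.json and HTML file under the extension's unpacked directory; a Gmail content script at document_start combined with a remotely sourced iframe is the combination worth escalating.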

Voice Recognition Exploitation

The extensions also feature a remotely triggered voice recognition mechanism using the Web Speech API. Depending on the permissions granted by users during installation, these tools can potentially capture conversations from the victim's environment, turning what appears to be a helpful AI assistant into an eavesdropping device.

The Broader Context

This campaign is part of a disturbing trend in browser extension security. Similar attacks have recently been discovered, including:

  • GhostPoster extensions with 840,000 installs harvesting social media data
  • Zoom Stealer extensions targeting corporate meeting intelligence
  • Trust Wallet phishing extensions responsible for a $7 million crypto theft

These incidents highlight the ongoing challenges faced by browser extension marketplaces in maintaining security while balancing the need for developer innovation and user convenience.

Protection and Response

For users who may have installed any of these malicious extensions, immediate action is recommended:

  1. Check for infection: Review the list of installed Chrome extensions and remove any suspicious ones
  2. Change passwords: Reset passwords for all accounts, especially email and financial services
  3. Enable two-factor authentication: Add an extra layer of security to critical accounts
  4. Monitor accounts: Watch for unusual activity or unauthorized access attempts

LayerX has published a comprehensive list of indicators of compromise that users can reference to identify potentially affected extensions.

Industry Implications

The AiFrame campaign raises serious questions about the security practices of browser extension marketplaces. While Google has not yet responded to requests for comment on these findings, the continued presence of some malicious extensions in the Chrome Web Store suggests that current review processes may be insufficient to detect sophisticated attacks that leverage remote infrastructure.

As AI tools become increasingly integrated into productivity workflows, users must remain vigilant about the extensions they install. The convenience of AI-powered features should never come at the cost of fundamental security and privacy.

For the latest security updates and to stay informed about emerging threats, follow trusted security researchers and regularly review your browser's extension permissions. In an era where browser extensions can access virtually everything you do online, caution and regular security hygiene are more important than ever.
