A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.
Some of the extensions are still present in the Chrome Web Store and have been installed by tens of thousands of users, while others show a small install count.
Researchers at browser security platform LayerX discovered the malicious extension campaign and named it AiFrame. They found that all analyzed extensions are part of the same malicious effort as they communicate with infrastructure under a single domain, tapnetic[.]pro.
According to them, the most popular extension in the AiFrame campaign had 80,000 users and was called Gemini AI Sidebar (fppbiomdkfbhgjjdmojlogeceejinadg), but it is no longer on the Chrome Web Store.
However, BleepingComputer found that other extensions with thousands of users are still present on Google's repository for Chrome extensions. It should be noted that the names may be different in some cases, but the identification is the same.
AI Sidebar (gghdfkafnhfpaooiolhncejnlgglhkhe) – 70,000 users AI Assistant (nlhpidbjmmffhoogcennoiopekbiglbp) – 60,000 users ChatGPT Translate (acaeafediijmccnjlokgcdiojiljfpbe) – 30,000 users AI GPT (kblengdlefjpjkekanpoidgoghdngdgl) – 20,000 users ChatGPT (llojfncgbabajmdglnkbhmiebiinohek) – 20,000 users AI Sidebar (djhjckkfgancelbmgcamjimgphaphjdl) – 10,000 users Google Gemini (fdlagfnfaheppaigholhoojabfaapnhb) – 10,000 users
LayerX found that all 30 extensions share the same internal structure, JavaScript logic, permissions, and backend infrastructure.
The malicious browser add-ons do not implement AI functionality locally; instead, they deliver the promised feature by rendering a full-screen iframe to load content from a remote domain.
This, by itself, is risky, as publishers can change the extensions’ logic at any time without pushing an update - just like in the case of Microsoft Office Add-ins - thus avoiding a new review.
In the background, the extensions extract page content from websites the user visits, including sensitive authentication pages, using Mozilla’s Readability library.
... continue reading