These Malicious AI Assistants in Chrome Are Stealing Users’ Credentials.

AI-powered browser extensions continue to be a popular tool for attackers seeking to harvest user information. Researchers at security firm LayerX have analyzed numerous campaigns involving malicious browser extensions in recent months, including the widespread GhostPoster scheme targeting Chrome, Firefox, and Edge. In the latest of these, dubbed AiFrame, attackers distributed approximately 30 Chrome extensions mimicking well-known AI assistants, including Claude, ChatGPT, Gemini, Grok, and “AI Gmail.” Collectively, these fakes have been installed more than 300,000 times.

Fake Chrome extensions imitate popular AI assistants.

Chrome extensions identified as part of AiFrame appear to be legitimate artificial intelligence tools typically used for resume writing, chatting, text writing, and Gmail support. However, once installed, they grant attackers extensive remote access to the user’s browser. Discovered capabilities include voice recognition, pixel tracking, and email content readability testing. Researchers note that the extensions are generally capable of collecting data and tracking user behavior.

Although the extensions analyzed by LayerX used different names and branding, all 30 were found to have the same internal structure, logic, permissions, and server infrastructure. Instead of implementing functionality locally on the user’s device, they display a full-screen iframe that loads remote content as the extension’s interface. This allows attackers to make undetected changes at any time without requiring a Chrome Web Store update.


LayerX provides a full list of extension names and IDs to look out for. Because attackers use familiar and/or generic names like “Gemini AI Sidebar” and “ChatGPT Translate,” you may not immediately recognize the fakes. If you have an AI assistant installed in Chrome, go to chrome://extensions, enable developer mode in the upper-right corner, and look for the ID under the extension name. Remove any malicious add-ons and reset your passwords.
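The same ID check can be run across every Chrome profile on a machine instead of one extension at a time. The script below is an added example, not code from LayerX or this article: it assumes Chrome's on-disk layout of `<user data dir>/<profile>/Extensions/<id>/<version>/manifest.json`, and the two IDs and extension names in `demo()` are constructed placeholders standing in for the published list.

```python
import json
import re
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")


def installed_extensions(user_data_dir):
    """Yield (profile, ext_id, name, version) for each extension copy on disk."""
    for manifest in Path(user_data_dir).glob("*/Extensions/*/*/manifest.json"):
        ext_id = manifest.parent.parent.name
        if not EXT_ID.match(ext_id):
            continue  # not an extension directory
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still report the ID
        if not isinstance(data, dict):
            data = {}
        # "name" may be a localisation key such as __MSG_appName__, which is
        # one more reason to match on the ID rather than the display name.
        profile = manifest.parents[3].name
        yield profile, ext_id, data.get("name", "?"), data.get("version", "?")


def find_flagged(user_data_dir, flagged_ids):
    """Return installed extensions whose ID appears in the published list."""
    flagged = {i.strip().lower() for i in flagged_ids if i.strip()}
    return sorted(e for e in installed_extensions(user_data_dir) if e[1] in flagged)


def demo():
    """Audit a constructed profile tree; both IDs are placeholders."""
    bad_id, ok_id = "a" * 32, "b" * 32
    with tempfile.TemporaryDirectory() as root:
        for ext_id, name in ((bad_id, "Example AI Sidebar"), (ok_id, "Example Notes")):
            d = Path(root, "Default", "Extensions", ext_id, "1.0_0")
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps({"name": name, "version": "1.0"}))
        # List entries are normalised, so stray case or newlines do not matter.
        return find_flagged(root, [bad_id.upper() + "\n"])


if __name__ == "__main__":
    for profile, ext_id, name, version in demo():
        print(f"{profile}: {ext_id}  {name}  {version}")
```

To audit a real machine, call `find_flagged()` with the Chrome user data directory and the IDs copied from the published list, one per line.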


As BleepingComputer reports, some malicious extensions have already been removed from the Chrome Web Store, but others remain. Several have received a “Recommended” badge, enhancing their legitimacy. Attackers were also able to quickly republish extensions under new names using existing infrastructure, so this campaign and others like it may continue. Always vet extensions thoroughly—don’t rely solely on a familiar name like ChatGPT—and remember that even AI-powered extensions from trusted sources can be very dangerous.
