Over 260,000 Chrome Users Compromised by Fake AI Extensions in Sophisticated Data Theft Campaign
A widespread campaign has exposed over 260,000 Google Chrome users to significant security risks, as malicious actors disguised fake artificial intelligence (AI) productivity tools to steal sensitive browser data. Security researchers at LayerX uncovered a coordinated effort involving 30 deceptive Chrome extensions designed to grant remote servers deep access to user activity, including personal information and valuable credentials.
The attackers exploited the growing consumer interest in AI-powered applications, masquerading their malicious extensions as legitimate assistants similar to ChatGPT and Claude. This tactic leveraged the trust associated with popular AI brands and the conversational nature of AI interactions, which often encourages users to share detailed information without hesitation.
The ‘AiFrame’ Architecture: A New Level of Browser Threat
Researchers dubbed the malicious infrastructure behind this campaign “AiFrame,” a sophisticated architecture that allows attackers to maintain persistent control and evade detection. Unlike traditional malware that embeds malicious code directly within the extension, these extensions utilize embedded iframes – essentially webpages within webpages – to load the core functionality from remote servers. This approach allows attackers to dynamically alter the extension’s behavior, introduce new capabilities, and modify data-handling practices without requiring users to download and install updates through the Chrome Web Store.
Natalie Zargarov, a security researcher at LayerX, explained, “By injecting iframes that mimic trusted AI interfaces, they’ve created a nearly invisible man-in-the-middle attack that intercepts everything from API keys to personal data before it ever reaches the legitimate service.” This means that even if a user is interacting with a genuine AI service, the malicious extension can intercept and steal their data before it’s encrypted and transmitted securely.
The extensions share identical JavaScript logic, permission sets, and backend infrastructure hosted under the domain tapnetic[.]pro. Despite being published under different names and branding, they all rely on the same underlying architecture. Alarmingly, several of these malicious extensions were even prominently “Featured” in the Chrome Web Store, lending them an air of legitimacy and accelerating their adoption rate. This highlights a critical vulnerability in the Chrome Web Store’s vetting process.
Targeting Gmail and Beyond
The scope of this campaign extends beyond general data collection. A subset of 15 extensions specifically targeted Gmail users. These versions injected code into Gmail’s interface, allowing them to access visible email content directly from the Document Object Model (DOM), including conversation threads, drafts, and even composed messages. This data was then transmitted to the attackers’ backend systems when AI-related features were activated within the extension.
The broad <all_urls> permission requested by these extensions grants them access to content across virtually any website a user visits. This means that sensitive information viewed within enterprise portals, internal dashboards, SaaS platforms, and cloud environments could potentially be intercepted and relayed to the attackers. What safeguards are organizations putting in place to protect against this type of browser-based threat?
Extension Spraying: A Persistent Threat
The attackers demonstrated a remarkable level of persistence and adaptability through a tactic known as “extension spraying.” When one malicious extension was removed from the Chrome Web Store in February 2025, an identical copy reappeared within two weeks under a new identifier, retaining the same permissions and backend connections. This rapid re-publication strategy allows the campaign to continue distributing malicious extensions despite enforcement actions.
Did You Know? Browser extensions now operate with privileges that rival traditional endpoint software, making them a significant component of the modern attack surface.
Protecting Yourself and Your Organization
The rise of browser-based threats necessitates a proactive and layered security approach. Organizations and individuals must take steps to mitigate the risks associated with malicious browser extensions.
Here are key steps to consider:
- Restrict Extension Installations: Implement enterprise policies to control browser extension installations, allowing only vetted add-ons and blocking developer mode or sideloading.
- Enforce Strict Permission Governance: Flag or deny extensions requesting broad permissions like <all_urls>, cookie access, or content script injection.
- Monitor Browser Telemetry: Utilize browser and endpoint telemetry to detect unusual behaviors, including DOM scraping, iframe injection, and suspicious outbound connections.
- Implement Security Controls: Deploy DNS filtering, egress controls, and data loss prevention (DLP) measures to block unauthorized data transmission.
- Apply Least Privilege: Enforce multi-factor authentication, conditional access, and device trust policies to reduce the impact of compromised browsers.
- Conduct Regular Audits: Perform regular browser configuration audits and threat hunting to identify unauthorized extensions and permission drift.
- Test Incident Response Plans: Regularly test and update incident response plans to include scenarios involving browser extension compromise and data exfiltration.
The threat landscape is constantly evolving, and browser extensions represent a new and increasingly sophisticated attack vector. How can security teams stay ahead of these emerging threats and protect their organizations from browser-based attacks?
Frequently Asked Questions About Malicious Chrome Extensions
What are the risks associated with installing malicious Chrome extensions?
Malicious Chrome extensions can steal sensitive data, including login credentials, financial information, and personal data. They can also inject malicious code into websites you visit, redirect you to phishing sites, and compromise your online accounts.
How can I tell if a Chrome extension is malicious?
Look for extensions with excessive permission requests, poor reviews, or a lack of transparency about the developer. Be wary of extensions that request access to all websites you visit (<all_urls>).
What is the ‘AiFrame’ architecture used by these malicious extensions?
The ‘AiFrame’ architecture utilizes embedded iframes to load the core functionality of the extension from remote servers, allowing attackers to dynamically alter the extension’s behavior and evade detection.
Are enterprise users more at risk from these types of attacks?
Yes, enterprise users are particularly vulnerable because malicious extensions can access sensitive data within internal portals, dashboards, and cloud environments.
What steps can organizations take to mitigate the risk of malicious Chrome extensions?
Organizations should restrict extension installations, enforce strict permission governance, monitor browser telemetry, and implement security controls like DNS filtering and DLP.
How does extension spraying contribute to the persistence of these campaigns?
Extension spraying involves rapidly re-publishing malicious extensions under new identifiers after they are removed from the Chrome Web Store, allowing the campaign to continue distributing malware despite enforcement actions.
Share this article to help others stay safe online and join the conversation in the comments below!
Discover more from Archyworldys
Subscribe to get the latest posts sent to your email.
