Follow Naijacrux on twitter .follow us on Twitter www.twitter.com/naijacruxonline, or @naijacruxonline or search for naijacruxonline on twitter!!Like us on facebook .Like us at www.facebook.com/Naijacruxforum.Click Here To Last longer In Bed[Stay amused>>>Don’t be a one minute Foul]>>> Love need Tips-See how Here


Author Topic: These Malicious AI Assistants in Chrome Are Stealing User Credentials  (Read 59 times)

0 Members and 1 Guest are viewing this topic.

Offline Nairaland

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 405
  • Karma: +0/-0
Advertisement
These Malicious AI Assistants in Chrome Are Stealing User Credentials

AI-powered browser extensions continue to be a popular vector for threat actors looking to harvest user information. Researchers at security firm LayerX have analyzed multiple campaigns in recent months involving malicious browser extensions, including the widespread GhostPoster scheme targeting Chrome, Firefox, and Edge. In the latest one—dubbed AiFrame—threat actors have pushed approximately 30 Chrome add-ons that impersonate well-known AI assistants, including Claude, ChatGPT, Gemini, Grok, and "AI Gmail." Collectively, these fakes have more than 300,000 installs.

The Chrome extensions identified as part of AiFrame look like legitimate AI tools commonly used for summarizing, chat, writing, and Gmail assistance. But once installed, they grant attackers wide-ranging remote access to the user's browser. Some of the capabilities observed include voice recognition, pixel tracking, and email content readability. Researchers note that extensions are broadly capable of harvesting data and monitoring user behavior.

Though the extensions analyzed by LayerX used a variety of names and branding, all 30 were found to have the same internal structure, logic, permissions, and backend infrastructure. Instead of implementing functionality locally on the user's device, they render a full-screen iframe that loads remote content as the extension's interface. This allows attackers to push changes silently at any time without a requiring Chrome Web Store update.

LayerX has a complete list of the names and extension IDs to refer to. Because threat actors use familiar and/or generic branding, such as "Gemini AI Sidebar" and "ChatGPT Translate," you may not be able to identify fakes at first glance. If you have an AI assistant installed in Chrome, go to chrome://extensions, toggle on Developer mode in the top-right corner, and search for the ID below the extension name. Remove any malicious add-ons and reset passwords.

As BleepingComputer reports, some of the malicious extensions have already been removed from the Chrome Web Store, but others remain. Several have received the "Featured" badge, adding to their legitimacy. Threat actors have also been able to quickly republish add-ons under new names using the existing infrastructure, so this campaign and others like it may persist. Always vet extensions carefully—don't just rely on a familiar name like ChatGPT—and note that even AI-powered add-ons from trusted sources can be highly invasive.


Source: These Malicious AI Assistants in Chrome Are Stealing User Credentials


 

 

YouTube Will Soon Support Automatic Picture-in-Picture When Switching Tabs in Chrome

Started by Nairaland

Replies: 0
Views: 883
Last post April 23, 2025, 09:02:31 AM
by Nairaland
An Audit Found That DuckDuckGo's VPN Doesn't Track User Activity

Started by Nairaland

Replies: 0
Views: 53
Last post April 26, 2026, 05:09:56 AM
by Nairaland
How Apple Plans to Improve Its AI Models While Protecting User Privacy

Started by Nairaland

Replies: 0
Views: 674
Last post April 17, 2025, 08:15:30 PM
by Nairaland
Someone Found Over 180 Million User Records in an Unprotected Online Database

Started by Nairaland

Replies: 0
Views: 1146
Last post May 26, 2025, 02:06:04 AM
by Nairaland
I'm a Long-Time Philips Hue User, and These Are My Six Favorite Features

Started by Nairaland

Replies: 0
Views: 372
Last post June 19, 2025, 10:31:07 PM
by Nairaland