30 fake AI Chrome extensions with 300,000 installs steal credentials and email content

Thirty malicious Chrome extensions installed by more than 300,000 users are posing as AI assistants to steal credentials, email content, and browsing data, according to a technical analysis published by LayerX.

KEY FACTS

  • Incident: 30 malicious Chrome extensions masquerading as AI assistants
  • Scale: more than 300,000 total installs
  • Technique: full-screen iframes load remote content and extract page data
  • Target: some extensions specifically capture Gmail content and voice transcripts

The extensions are grouped into a campaign named AiFrame and share a common internal structure, JavaScript logic, permissions, and backend infrastructure.

The most installed add-on in the campaign reached about 80,000 users before removal. Other extensions still listed included names with reported install counts such as “AI Sidebar” at 70,000 installs and “AI Assistant” at 60,000 installs.

All extensions render the promised features by loading a remote full-screen iframe rather than implementing any AI functionality locally. They communicate with infrastructure under a single domain, tapnetic[.]pro, which lets the operators change extension behavior without publishing a new store update.

The add-ons extract page content from visited sites using Mozilla’s Readability library. A subset of the extensions injects scripts at document_start on mail.google.com to read visible email text and repeatedly extract thread content via textContent. Voice capture and transcription features use the Web Speech API and send the transcripts to remote servers.
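The traits described above (a content script registered at document_start on mail.google.com, blanket host permissions, a remotely loaded iframe, speech-recognition calls, and contact with the report's backend domain) are all visible in an extension's unpacked manifest and script files. The following Node.js audit is an added example, not LayerX's code or any extension's code: it scores a manifest and script sources against those traits so an administrator can triage extensions found on managed machines. The manifest and script shown are constructed samples; the only real indicator is the tapnetic[.]pro domain named in the report, and the placeholder host in the sample script is invented.

```javascript
// Added example (not from the LayerX report or from any extension): audit an
// unpacked Chrome extension for the traits the AiFrame analysis describes.
// All sample inputs below are constructed; only KNOWN_BAD_DOMAINS comes from the report.

const SENSITIVE_HOST = "mail.google.com";
// The report names tapnetic[.]pro as the campaign backend; extend from its IoC list.
const KNOWN_BAD_DOMAINS = ["tapnetic.pro"];

// Extract the host part of a match pattern such as "*://mail.google.com/*".
function hostFromPattern(pattern) {
  const m = /^(?:\*|https?):\/\/([^/]+)\//.exec(pattern);
  return m ? m[1].toLowerCase() : pattern;
}

// True if a match pattern would run a content script on the given host.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const ph = hostFromPattern(pattern);
  if (ph === host) return true;
  if (ph.startsWith("*.")) return host.endsWith(ph.slice(1)); // "*.google.com" covers mail.google.com
  return false;
}

// Findings derived from manifest.json alone.
function auditManifest(manifest) {
  const findings = [];
  const perms = [...(manifest.host_permissions || []), ...(manifest.permissions || [])];
  if (perms.includes("<all_urls>")) findings.push("broad-host-permissions");
  for (const cs of manifest.content_scripts || []) {
    const patterns = cs.matches || [];
    if (patterns.some(p => hostFromPattern(p) === SENSITIVE_HOST)) findings.push("content-script-targets-mail");
    // document_start runs before the page's own scripts, the timing the report describes for Gmail.
    if (cs.run_at === "document_start" && patterns.some(p => patternCoversHost(p, SENSITIVE_HOST))) {
      findings.push("document_start-covers-mail");
    }
  }
  return findings;
}

// Findings derived from a script's source text: remote hosts, iframe creation,
// speech recognition, and Readability usage.
function auditScriptSource(src) {
  const findings = [];
  const urlRe = /https?:\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;
  const hosts = new Set();
  let m;
  while ((m = urlRe.exec(src)) !== null) hosts.add(m[1].toLowerCase());
  for (const h of hosts) {
    if (KNOWN_BAD_DOMAINS.some(d => h === d || h.endsWith("." + d))) findings.push(`known-bad-domain:${h}`);
  }
  if (/createElement\(\s*['"]iframe['"]\s*\)/.test(src) && hosts.size > 0) findings.push("remote-iframe");
  if (/\b(?:webkit)?SpeechRecognition\b/.test(src)) findings.push("speech-recognition");
  if (/\bReadability\b/.test(src)) findings.push("readability-extraction");
  return { findings, remoteHosts: [...hosts] };
}

// Combine manifest and script findings; the score is simply the number of distinct traits hit.
function auditExtension(manifest, scriptSources) {
  const findings = new Set(auditManifest(manifest));
  const remoteHosts = new Set();
  for (const src of scriptSources) {
    const r = auditScriptSource(src);
    r.findings.forEach(f => findings.add(f));
    r.remoteHosts.forEach(h => remoteHosts.add(h));
  }
  return { findings: [...findings], remoteHosts: [...remoteHosts], score: findings.size };
}

// Constructed sample manifest resembling the layout the report describes (hypothetical extension).
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: "AI Sidebar (constructed sample)",
  host_permissions: ["<all_urls>"],
  content_scripts: [
    { matches: ["*://mail.google.com/*"], js: ["gmail.js"], run_at: "document_start" },
    { matches: ["<all_urls>"], js: ["page.js"] },
  ],
};

// Constructed sample script; the host is an invented placeholder, not a real indicator.
const SAMPLE_SCRIPT = `
  const frame = document.createElement('iframe');
  frame.src = 'https://panel.example-placeholder.test/app';
  const rec = new webkitSpeechRecognition();
`;

console.log(JSON.stringify(auditExtension(SAMPLE_MANIFEST, [SAMPLE_SCRIPT]), null, 2));
```

Point the audit at the `manifest.json` and `.js` files under the browser profile's extension directory; a high score is a triage signal, not proof, since legitimate extensions can also use iframes or speech recognition, but the combination of document_start on Gmail with a remote frame host is exactly the pattern worth inspecting by hand.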

If a device is compromised, the recommended remediation is to remove the malicious extension and reset passwords for affected accounts. The technical analysis includes a list of indicators of compromise for the full set of extensions.

WHY IT MATTERS

Extensions that load remote code can exfiltrate sensitive data without triggering further store review, since the behavior changes server-side rather than in the published package. Users and administrators should review installed extensions and follow the report’s mitigation steps if they detect compromise.