Fake Chrome AI extensions targeted over 300,000 users to steal emails, personal data and more - here's what we know

News
By published

Criminals are pushing surveillance tools into the Google Chrome Web Store

Large blue eyeball watching businesswoman working at computer
(Image credit: Getty Images)
  • LayerX found 30 malicious Chrome extensions posing as GenAI tools
  • Extensions exfiltrated page text, metadata, and Gmail content to attacker servers
  • Over 300,000 downloads; popular add-ons included AI Sidebar, AI Assistant, and ChatGPT Translate

Security researchers have discovered more than 30 malicious Chrome extensions that posed as GenAI add-ons, but were actually surveillance and content-stealing tools.

The experts from LayerX reported dozens of Chrome extensions of the Google Chrome Web Store, all posing as AI tools and assistants.

While on the surface they work as indented, in the background, they are exfiltrating everything they see in the web browser to a third-party server.

Full-screen frames

As LayerX explained, the extensions use Mozilla’s Readability library to extract the text, titles, and metadata of any page a user visits, including internal corporate or private authenticated pages.

In other words, they act as spies looking over their victims’ shoulders. When they view a website, or Gmail, the extension “reads” the text on the screen and then sends it to a hidden window inside the extension.

In fact, there is a specific subset of 15 extensions that includes code to read and extract email content and even draft messages from the Gmail interface.

The attackers also went to lengths to avoid being seen or scrutinized. At the same time, they made sure they could push updates to the extensions without triggering any alarms. They did this by using full-screen iframes to load content remotely, instead of running features locally.

Since the interface and logic are loaded from a remote server, they can change the extension's behavior at any time without needing to push an update through the Chrome Web Store.

BleepingComputer made a list of the most popular among the malicious add-ons, so if you have any of these installed, make sure to delete them and refresh your passwords:

AI Sidebar (gghdfkafnhfpaooiolhncejnlgglhkhe) – 70,000 users

AI Assistant (nlhpidbjmmffhoogcennoiopekbiglbp) – 60,000 users

ChatGPT Translate (acaeafediijmccnjlokgcdiojiljfpbe) – 30,000 users

AI GPT (kblengdlefjpjkekanpoidgoghdngdgl) – 20,000 users

ChatGPT (llojfncgbabajmdglnkbhmiebiinohek) – 20,000 users

AI Sidebar (djhjckkfgancelbmgcamjimgphaphjdl) – 10,000 users

Google Gemini (fdlagfnfaheppaigholhoojabfaapnhb) – 10,000 users

In total, the 30 extensions were downloaded more than 300,000 times.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.