Attackers used fake AI extensions in the Chrome Web Store to try and steal user data.
More than thirty innocent-looking AI extensions in the Google Chrome Web Store have been found to facilitate large-scale data theft and have already been installed by at least 260,000 users in total.
Fake AI assistants
Security researcher LayerX Security discovered the campaign, which was named AiFrame. The extensions pose as AI assistants or integrations with popular chatbots such as ChatGPT, Claude, Gemini, and Grok. In practice, they all share the same codebase and communicate with infrastructure under the tapnetic[.]pro domain.
The extensions use iframe code that looks like a standard interface, but allows attackers to remotely modify functionality without an update via the Chrome Web Store. This enables them to read webpage content, including authentication data, and forward it to external servers. Some extensions even support speech recognition and include transcriptions in the data sent.
Gmail specifically targeted
Nearly half of the extensions specifically target Gmail. They read email content directly from the browser, including drafts and ongoing conversations, and forward it. According to LayerX, the campaign exploits the trust users place in AI tools and their tendency to entrust them with sensitive information.
Notably, several extensions are sometimes republished under different names and remain available. Google has not yet responded publicly. LayerX advises users and organizations to critically vet AI extensions and consult the list of known extension IDs before installing anything.
read also