Over 260,000 Google Chrome users have downloaded fake AI assistants designed to deliver malicious browser extensions which can steal login credentials, monitor emails and enable remote access by attackers.
Over 30 Google Chrome extensions designed to deliver the phoney AI assistants have been identified by cybersecurity researchers at LayerX, who describe the campaign as a “single coordinated operation.”
“Notably, several of the extensions in this campaign were featured by the Chrome Web Store, increasing their perceived legitimacy and exposure,” they said.
One of these was called ‘AI Assistant,’ which masqueraded as an extension for Anthropic’s Claude AI and was downloaded over 50,000 times. Other extensions mimicked other popular AI assistants and chatbots, including ChatGPT, Grok and Google Gemini.
The malicious extensions were published under different names and with various use cases, but the way they share underlying codebase, permissions and backend infrastructure has led researchers to suggest they all form part of one campaign they have called AiFrame, which has engaged in “extension spraying.”
This technique is used by attackers to evade takedowns, as when one extension is removed, others remain available to download, or the extension gets quickly replaced to ensure the campaign remains active.
Some of the malicious extensions direct users to infrastructure which is hosted away from the Chrome Web Store, which helped them to avoid being flagged as dangerous.
Another trick used by the fake AI assistants is based on a full screen iframe, which overlays another page over the current one. This new frame, which to the user looks like an extension of the user interface, is pointed towards a remote domain which allows the attackers to load remote content and capabilities, away from the Chrome Web Store.
This also allows the fake AI assistants to exfiltrate data from the Google Chrome Browser and Gmail to servers controlled by the attacker.
LayerX warned that the malicious extensions are “general-purpose access brokers, capable of harvesting data, monitoring user behaviour and evolving silently over time.”
“While framed as productivity tools, their architecture is incompatible with reasonable expectations of privacy and transparency,” they added.
Many of the malicious Chrome extensions now appear to have been removed from the Chrome Web Store, but users who’ve downloaded them could still be at risk.
Infosecurity has contacted Google for comment.
