- LayerX found 30 malicious Chrome extensions masquerading as GenAI tools
- The extensions exfiltrated page text, metadata and Gmail content to the attackers’ servers
- More than 300,000 downloads; Popular add-ons included AI Sidebar, AI Assistant, and ChatGPT Translate
Security researchers discovered more than 30 malicious Chrome extensions that masqueraded as GenAI add-ons but were actually monitoring and content theft tools.
LayerX experts have reported dozens of Chrome extensions from the Google Chrome Web Store, all masquerading as AI tools and assistants.
While on the surface they operate in the background, in the background they exfiltrate everything they see in the web browser to a third-party server.
Full screen frames
As LayerX explained, the extensions use Mozilla’s Readability library to extract text, titles, and metadata from any page a user visits, including authenticated internal corporate or private pages.
In other words, they act like spies watching over their victims’ shoulders. When they visit a website or Gmail, the extension “reads” the text on the screen and then sends it to a hidden window inside the extension.
In fact, there is a specific subset of 15 extensions that include code to read and extract email content and even compose messages from the Gmail interface.
The attackers also went to great lengths to avoid being seen or scrutinized. At the same time, they made sure they could send updates to extensions without raising any alarms. To do this, they used full-screen iframes to load content remotely, instead of running functionality locally.
Since the interface and logic are loaded from a remote server, they can change the extension’s behavior at any time without needing to push an update through the Chrome Web Store.
BeepComputer has compiled a list of the most popular malicious add-ons, so if you have any of them installed, be sure to remove them and refresh your passwords:
AI Sidebar (gghdfkafnhfpaooiolhncejnlgglhkhe) – 70,000 users
AI Assistant (nlhpidbjmmffhoogcennoiopekbiglbp) – 60,000 users
ChatGPT Translate (acaeafediijmccnjlokgcdiojiljfpbe) – 30,000 users
AI GPT (kblengdlefjpjkekanpoidgoghdngdgl) – 20,000 users
ChatGPT (llojfncgbabajmdglnkbhmiebiinohek) – 20,000 users
AI Sidebar (djhjckkfgancelbmgcamjimgphaphjdl) – 10,000 users
Google Gemini (fdlagfnfaheppaigholhoojabfaapnhb) – 10,000 users
In total, the 30 extensions have been downloaded more than 300,000 times.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
