260K Chrome Users Infected by Fake AI Extensions Stealing Data | Ghacks Technology News

The Rise of ‘AiFrame’ and the Shadowy World of Malicious AI Extensions

Over 260,000 Chrome users have unwittingly installed browser extensions masquerading as helpful AI assistants. Researchers at LayerX uncovered a coordinated campaign involving over 30 fake Chrome extensions, mimicking services like ChatGPT, and Claude. This isn’t a new phenomenon – malicious Chrome extensions have plagued users for years, evolving from fake VPNs to sophisticated spyware. However, the current wave leverages the surging popularity and inherent trust associated with artificial intelligence.

How the ‘AiFrame’ Architecture Works

The malicious extensions share nearly identical code, permissions, and backend infrastructure, suggesting a single threat actor. Instead of delivering full functionality within the extension itself, they employ what researchers call an “AiFrame” architecture. This involves loading a full-screen iframe from remote domains – such as subdomains of tapnetic[.]pro – which then overlays the current webpage, presenting a fake AI interface. Crucially, these extensions pull instructions dynamically from backend servers, allowing attackers to change the extension’s behavior remotely without requiring updates through the Chrome Web Store.

As Natalie Zargarov, a security researcher at LayerX, explained, this technique creates a “nearly invisible man-in-the-middle attack” that intercepts sensitive data before it reaches legitimate services.

Gmail: A Prime Target for Data Exfiltration

Fifteen of the identified malicious extensions specifically targeted Gmail users. These versions activated on Gmail’s website, injected interface elements, and used scripts to persist even within dynamic pages. They accessed email threads and, in some cases, even draft content, transmitting the extracted data back to remote servers. The extensions’ broad permissions likewise allowed them to access data across virtually any website a user visited, including enterprise dashboards and SaaS platforms.

Enterprise Risks: Remotely Controlled Access Brokers

The implications for businesses are significant. These extensions effectively function as remotely controlled access brokers, combining privileged browser permissions with backend-controlled interfaces. Attackers can scrape structured data, extract metadata, capture sensitive enterprise data within authenticated sessions, and transmit it outside of secure browser boundaries. The infrastructure relies on themed subdomains under tapnetic[.]pro, with a rapid “extension spraying” tactic – when one extension is removed, nearly identical copies quickly reappear under new identifiers.

The most downloaded extension linked to the AiFrame operation, Gemini AI Sidebar, reached 80,000 users before removal. Other still-available extensions include AI Sidebar (70,000 users), AI Assistant (60,000 users), ChatGPT Translate (30,000 users), AI GPT (20,000 users), ChatGPT (20,000 users), AI Sidebar (10,000 users), and Google Gemini (10,000 users).

Why This Attack Is Different

Modern browser extensions possess access levels comparable to endpoint software. Combined with automatic updates, remote content loading, and broad site permissions, they develop into potent spy mechanisms. The remote nature of the malicious logic means that simply removing individual extensions has limited impact.

Protecting Your Organization: A Layered Defense

Security experts recommend a multi-faceted approach to mitigate the risks:

1. Restrict Extension Installations: Allow only vetted browser add-ons through enterprise policy controls.
2. Monitor High-Risk Permissions: Flag extensions requesting , cookie access, or content script injection.
3. Monitor Telemetry: Watch for unusual DOM scraping, iframe injection, and suspicious outbound connections.
4. Enforce Network Controls: Utilize DNS filtering, egress monitoring, and data loss prevention (DLP) systems.
5. Strengthen Identity Protections: Implement multi-factor authentication (MFA), device trust policies, and least-privilege access.
6. Audit Regularly: Conduct threat hunting and browser configuration reviews to detect extension spraying.

The Future of AI-Themed Threats

This campaign highlights a growing trend: attackers are exploiting the trust and popularity of AI tools. As AI assistants become increasingly integrated into daily workflows, mimicking their interfaces to collect sensitive information will likely become more common. Browser extensions, deserve the same level of scrutiny as traditional installed software.

FAQ

Q: What is an ‘AiFrame’ extension?
A: An ‘AiFrame’ extension is a malicious browser extension that uses iframes to mimic legitimate AI interfaces, intercepting user data and allowing remote control by attackers.

Q: How can I tell if a Chrome extension is malicious?
A: Look for extensions requesting excessive permissions, particularly . Be wary of extensions from unknown developers or those with limited reviews.

Q: What data is at risk from these malicious extensions?
A: Sensitive data such as ChatGPT session tokens, Gmail content, browsing history, and enterprise data accessed through web applications can be compromised.

Q: Are there tools to help detect malicious extensions?
A: While no single tool is foolproof, enterprise security solutions with browser security features and regular security audits can help detect and prevent unauthorized extensions.

Have you recently reviewed the extensions installed in your browser? Share your thoughts and experiences in the comments below!