30 malicious Chrome extensions used by over 300,000 users are pretending to be AI assistants to steal credentials, browsing information, and email content. Few extensions are still active in the Chrome Web Store and have been downloaded by tens of thousands of users.
Experts at browser security platform LayerX found the malicious extension campaign and labelled it AiFrame. They discovered that all studied extensions are part of the same malicious attack as they interact with infrastructure under a single domain, tapnetic[.]pro.
Experts said that the most famous extension in the AiFrame operation had 80,000 users and was termed Gemini AI Sidebar (fppbiomdkfbhgjjdmojlogeceejinadg), but it isn’t available in the Chrome Web Store.
According to BleepingComputer, other extensions with over thousand users are still active on Google’s repository for Chrome extensions. The names might be different, but the classification is the same.
LayerX discovered that all 30 extensions have the same Javascript logic, permissions, internal structure, and backend infrastructure.
The infected browser add-ons do not apply AI functionality locally.
This can be risky because publishers can modify the extensions’ logic without any update, similar to the Microsoft Office Add-ins. This helps them escape the new review.
Besides this, the extension takes out page content from the sites that users visit. This includes verification pages via Mozilla’s Readability library.
According to LayerX, a group of 15 extensions exclusively target Gmail data by injecting UI components with a content script that executes at “document_start” on “mail.google.com.” The script repeatedly retrieves email thread text using “.textContent” after reading visible email content straight from the DOM. Even email drafts can be recorded, according to the researchers. According to a report released today by LayerX, “the extracted email content is passed into the extension’s logic and transmitted to third-party backend infrastructure controlled by the extension operator when Gmail-related features like AI-assisted replies or summaries are invoked.”
Additionally, the extensions have a way for remotely triggering speech recognition and transcript creation that uses the “Web Speech API” to provide operators with the results. The extensions may potentially intercept chats from the victim’s surroundings, depending on the permissions that are provided. Google has not responded to BleepingComputer’s request for comment on LayerX results by the time of publication. For the full list of malicious extensions, it is advised to consult LayerX’s list of indicators of compromise. Users should reset the passwords for all accounts if the intrusion is verified.
Read the original article: