Malicious AI Assistant Extensions Target 260,000 Chrome Users in Coordinated Campaign
Cybersecurity researchers at LayerX have uncovered a large-scale campaign involving over 30 fake AI assistant extensions for Google Chrome, collectively downloaded by 260,000 users. Dubbed AiFrame, the operation deploys malicious browser extensions designed to steal login credentials, monitor emails, and enable remote access by attackers.
The extensions masqueraded as legitimate AI tools, including clones of Anthropic’s Claude AI, ChatGPT, Grok, and Google Gemini. One notable example, "AI Assistant," impersonated Claude AI and was installed over 50,000 times. Despite their varied names and functionalities, the extensions shared a common codebase, permissions, and backend infrastructure, indicating a single coordinated effort.
To evade detection, the attackers employed "extension spraying" a tactic where multiple extensions are deployed simultaneously. If one is removed, others remain active or are quickly replaced. Some extensions also redirected users to external infrastructure, bypassing Chrome Web Store security checks. Another technique involved full-screen iframes, overlaying malicious remote content to exfiltrate data from Chrome and Gmail to attacker-controlled servers.
LayerX described the extensions as "general-purpose access brokers", capable of harvesting data, tracking user behavior, and evolving undetected. While many have since been removed from the Chrome Web Store, users who installed them may still be at risk.
Google has been contacted for comment, but the campaign highlights the growing threat of malicious AI-themed extensions exploiting user trust in popular tools.
Source: https://www.infosecurity-magazine.com/news/fake-ai-assistants-google-chrome/
Anthropic TPRM report: https://www.rankiteo.com/company/anthropicresearch
OpenAI TPRM report: https://www.rankiteo.com/company/openai
"id": "antope1770985527",
"linkid": "anthropicresearch, openai",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '260,000',
'location': 'Global',
'name': 'Google Chrome Users',
'size': '260,000 users',
'type': 'Individuals'}],
'attack_vector': 'Malicious Chrome Extensions',
'customer_advisories': 'Users who installed the malicious extensions should '
'remove them immediately and monitor their accounts '
'for suspicious activity.',
'data_breach': {'data_exfiltration': 'Yes (to attacker-controlled servers)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information, Authentication Data)',
'type_of_data_compromised': ['Login credentials',
'Emails',
'User behavior data']},
'description': 'Cybersecurity researchers at LayerX uncovered a large-scale '
'campaign involving over 30 fake AI assistant extensions for '
'Google Chrome, collectively downloaded by 260,000 users. The '
'operation, dubbed AiFrame, deploys malicious browser '
'extensions designed to steal login credentials, monitor '
'emails, and enable remote access by attackers. The extensions '
'masqueraded as legitimate AI tools, including clones of '
'Anthropic’s Claude AI, ChatGPT, Grok, and Google Gemini. One '
"notable example, 'AI Assistant,' impersonated Claude AI and "
'was installed over 50,000 times. The extensions shared a '
'common codebase, permissions, and backend infrastructure, '
'indicating a single coordinated effort. Attackers used '
"'extension spraying' to evade detection and full-screen "
'iframes to exfiltrate data from Chrome and Gmail to '
'attacker-controlled servers.',
'impact': {'brand_reputation_impact': 'Erosion of user trust in AI-themed '
'browser extensions',
'data_compromised': 'Login credentials, emails, user behavior data',
'identity_theft_risk': 'High',
'operational_impact': 'Potential unauthorized access to user '
'accounts and systems',
'systems_affected': 'Google Chrome browsers with malicious '
'extensions installed'},
'initial_access_broker': {'backdoors_established': 'Remote access '
'capabilities',
'entry_point': 'Malicious Chrome Extensions'},
'investigation_status': 'Ongoing',
'lessons_learned': 'The incident highlights the growing threat of malicious '
'AI-themed extensions exploiting user trust in popular '
'tools and the need for stricter security checks in '
'browser extension marketplaces.',
'motivation': 'Data theft, credential harvesting, remote access',
'post_incident_analysis': {'corrective_actions': ['Removal of malicious '
'extensions from Chrome Web '
'Store',
'Enhanced monitoring of '
'AI-themed extensions',
'User education on risks of '
'malicious extensions'],
'root_causes': ['User trust in AI-themed '
'extensions',
'Insufficient security checks in '
'Chrome Web Store',
'Sophisticated evasion techniques '
'(extension spraying, full-screen '
'iframes)']},
'recommendations': ['Users should uninstall suspicious or unused browser '
'extensions.',
'Chrome Web Store should implement stricter security '
'checks for AI-themed extensions.',
'Users should monitor their accounts for unauthorized '
'access.',
'Organizations should educate users about the risks of '
'malicious browser extensions.'],
'references': [{'source': 'LayerX'}],
'response': {'containment_measures': 'Removal of malicious extensions from '
'Chrome Web Store',
'third_party_assistance': 'LayerX (Cybersecurity Researchers)'},
'title': 'Malicious AI Assistant Extensions Target 260,000 Chrome Users in '
'Coordinated Campaign',
'type': 'Malicious Browser Extensions',
'vulnerability_exploited': 'User trust in AI-themed extensions, lack of '
'stringent Chrome Web Store security checks'}