Malicious AI Extensions Compromise 300,000 Chrome Users


A widespread cyberattack involving fraudulent Google Chrome extensions has impacted over 300,000 users by leveraging the current demand for artificial intelligence tools. An investigation by security firm LayerX has identified a coordinated operation dubbed “AiFrame,” which utilized more than 30 malicious add-ons to steal credentials, private emails, and browsing history.

The malicious extensions successfully bypassed initial scrutiny on the official Chrome Web Store by appearing as legitimate AI sidebars, translators, and assistants. Among the most popular were:

  • Gemini AI Sidebar: 80,000 installations.

  • AI Sidebar: 70,000 installations.

  • AI Assistant: 60,000 installations.

  • ChatGPT Translate: 30,000 installations.

Technically, these extensions shared nearly identical JavaScript logic and backend infrastructure. Instead of processing AI functions locally, they loaded full-screen iframes from remote domains. This allowed the attackers to alter the extensions’ behavior dynamically without submitting new versions for store review, effectively evading security updates.

While users believed they were interacting with AI tools, the plugins were exfiltrating sensitive data in the background. A subset of 15 extensions specifically targeted Gmail. When a user accessed their inbox, scripts would trigger to read visible message content and even capture email drafts.

When users utilized “AI features” to summarize or reply to messages, the content was transmitted directly to attacker-controlled servers. Furthermore, some extensions included voice recognition capabilities to transcribe audio and send transcriptions to remote servers.

Mitigation and Safety Recommendations

Security experts advise users to immediately audit their browser extensions against the indicators of compromise published by LayerX. If any of the identified malicious tools are present, they should be uninstalled immediately. Additionally, affected users are strongly encouraged to reset passwords for all sensitive accounts, particularly Gmail and other platforms accessed during the infection period.
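The two traits described above, script that points an iframe at a remote origin and access to Gmail pages, can be checked in an unpacked extension during an audit. This Python triage sketch is an added example, not LayerX's tooling or indicators; the finding labels, sample manifests and the `example.invalid` host are constructed, and a hit is a reason to review an extension rather than proof of compromise.

```python
import json
import re

# Heuristics based on the behaviours described in the article (assumed, not official IoCs).
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
GMAIL_HOST = "mail.google.com"
IFRAME_CREATE = re.compile(r"""createElement\(\s*['"]iframe['"]\s*\)""")
# A .src assignment to a literal http(s) URL; the capture group is the origin only.
REMOTE_SRC = re.compile(r"""\.src\s*=\s*[`'"](https?://[^/`'"\s]+)""")

def host_patterns(manifest):
    """Collect every match pattern the extension can run on or read (MV2 and MV3)."""
    patterns = list(manifest.get("host_permissions", []))
    patterns += [p for p in manifest.get("permissions", [])
                 if "://" in p or p == "<all_urls>"]
    for script in manifest.get("content_scripts", []):
        patterns += script.get("matches", [])
    return patterns

def audit_extension(manifest_text, sources):
    """Return sorted findings; sources maps file name -> JavaScript text."""
    findings = set()
    for pattern in host_patterns(json.loads(manifest_text)):
        if pattern in BROAD_HOSTS:
            findings.add("broad-host-access")
        if GMAIL_HOST in pattern:
            findings.add("gmail-access")
    for name, code in sources.items():
        # Only files that build an iframe in script are checked for remote sources.
        if IFRAME_CREATE.search(code):
            for origin in REMOTE_SRC.findall(code):
                findings.add(f"remote-iframe:{name}:{origin}")
    return sorted(findings)

# Constructed sample: a sidebar that runs on Gmail and frames a remote page.
SAMPLE_MANIFEST = """{"manifest_version": 3, "name": "Constructed AI Sidebar",
  "permissions": ["storage", "tabs"], "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["https://mail.google.com/*"], "js": ["content.js"]}]}"""
SAMPLE_SOURCES = {"content.js": "const f = document.createElement('iframe');\n"
                                "f.src = 'https://panel.example.invalid/ui';\n"
                                "document.body.appendChild(f);"}

# Constructed sample: an extension that frames only its own packaged page.
BENIGN_MANIFEST = """{"manifest_version": 3, "name": "Constructed Local Panel",
  "permissions": ["storage"],
  "content_scripts": [{"matches": ["https://example.invalid/*"], "js": ["panel.js"]}]}"""
BENIGN_SOURCES = {"panel.js": "const f = document.createElement('iframe');\n"
                              "f.src = chrome.runtime.getURL('panel.html');"}

if __name__ == "__main__":
    print(audit_extension(SAMPLE_MANIFEST, SAMPLE_SOURCES))
    print(audit_extension(BENIGN_MANIFEST, BENIGN_SOURCES))
```

Because the framed page can change after installation, the check only shows that an extension is able to load remote UI; it says nothing about what that page currently does.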
