Fake AI Chrome extensions with 300K users steal credentials, emails (www.bleepingcomputer.com)

submitted 3 days ago* (last edited 3 days ago) by Zerush@lemmy.ml to c/security@lemmy.ml

3 comments fedilink hide all child comments

A malicious campaign of 30 Chrome extensions masquerading as AI assistants has infected over 300,000 users, stealing credentials, email content, and browsing data[^1]. The extensions, dubbed "AiFrame" by LayerX researchers, share common infrastructure under the domain tapnetic[.]pro and use iframes to load remote content rather than implementing actual AI functionality[^1].

Popular malicious extensions still available on the Chrome Web Store include:

AI Sidebar (70,000 users)
AI Assistant (60,000 users)
ChatGPT Translate (30,000 users)
AI GPT (20,000 users)

The extensions specifically target Gmail data through content scripts that extract email content, drafts, and thread text. They can also capture voice recordings using Web Speech API and transmit data to remote servers controlled by the operators[^1].

[^1]: BleepingComputer - Fake AI Chrome extensions with 300K users steal credentials, emails

top 3 comments

sorted by: hot top controversial new old

[-] OwOarchist@pawb.social 8 points 3 days ago

AI "assistants" stealing slightly more data than usual... Who would have thought?

[-] eldavi@lemmy.ml 3 points 3 days ago

that's why i'm glad i'm no longer working on anything cutting edge; just bored, old tired stuff that you could have found on stackexchange and google. lol

[-] furzegulo@lemmy.dbzer0.com 2 points 3 days ago

play stupid games, win stupid prizes

this post was submitted on 13 Feb 2026

28 points (100.0% liked)

Security

5753 readers

8 users here now

Confidentiality Integrity Availability

founded 6 years ago

MODERATORS

gary_host_laptop@lemmy.ml