Malicious Chrome AI Extensions Compromise Over 260,000 Users Through Injected IFrames
A recent cybersecurity investigation has uncovered a coordinated campaign involving malicious Chrome extensions that impersonate popular AI tools such as ChatGPT, Claude, Gemini, and Grok. These deceptive AI assistants have been installed by more than 260,000 users, turning seemingly helpful browser add-ons into sophisticated surveillance tools.
The Deceptive Extensions
Security researchers identified at least 30 Chrome extensions promoted as AI tools for tasks like summarizing content, chatting, translating, generating images, and enhancing Gmail productivity. Despite their varied names and icons, these extensions share identical codebases, permissions, and backend infrastructures, indicating a single, organized operation. Notably, some of these extensions were marked as Featured in the Chrome Web Store, which likely increased user trust and download rates.
List of Malicious Extensions
Below is a selection of the identified malicious extensions, their corresponding IDs, and the number of installations:
| Extension ID | Name | Installs |
|---|---|---|
| nlhpidbjmmffhoogcennoiopekbiglbp | AI Assistant | 50,000 |
| gcfianbpjcfkafpiadmheejkokcmdkjl | Llama | 147 |
| fppbiomdkfbhgjjdmojlogeceejinadg | Gemini AI Sidebar | 80,000 |
| djhjckkfgancelbmgcamjimgphaphjdl | AI Sidebar | 9,000 |
| llojfncgbabajmdglnkbhmiebiinohek | ChatGPT Sidebar | 10,000 |
| gghdfkafnhfpaooiolhncejnlgglhkhe | AI Sidebar | 50,000 |
| cgmmcoandmabammnhfnjcakdeejbfimn | Grok | 261 |
| phiphcloddhmndjbdedgfbglhpkjcffh | Asking Chat Gpt | 396 |
| pgfibniplgcnccdnkhblpmmlfodijppg | ChatGBT | 1,000 |
| nkgbfengofophpmonladgaldioelckbe | Chat Bot GPT | 426 |
| gcdfailafdfjbailcdcbjmeginhncjkb | Grok Chatbot | 225 |
| ebmmjmakencgmgoijdfnbailknaaiffh | Chat With Gemini | 760 |
| baonbjckakcpgliaafcodddkoednpjgf | XAI | 138 |
| fdlagfnfaheppaigholhoojabfaapnhb | Google Gemini | 7,000 |
| gnaekhndaddbimfllbgmecjijbbfpabc | Ask Gemini | 1,000 |
| hgnjolbjpjmhepcbjgeeallnamkjnfgi | AI Letter Generator | 129 |
| lodlcpnbppgipaimgbjgniokjcnpiiad | AI Message Generator | 24 |
| cmpmhhjahlioglkleiofbjodhhiejhei | AI Translator | 194 |
| bilfflcophfehljhpnklmcelkoiffapb | AI For Translation | 91 |
| cicjlpmjmimeoempffghfglndokjihhn | AI Cover Letter Generator | 27 |
| ckneindgfbjnbbiggcmnjeofelhflhaj | AI Image Generator Chat GPT | 249 |
| dbclhjpifdfkofnmjfpheiondafpkoed | Ai Wallpaper Generator | 289 |
| ecikmpoikkcelnakpgaeplcjoickgacj | Ai Picture Generator | 813 |
| kepibgehhljlecgaeihhnmibnmikbnga | DeepSeek Download | 275 |
| ckicoadchmmndbakbokhapncehanaeni | AI Email Writer | 64 |
| fnjinbdmidgjkpmlihcginjipjaoapol | Email Generator AI | 881 |
| gohgeedemmaohocbaccllpkabadoogpl | DeepSeek Chat | 1,000 |
| flnecpdpbhdblkpnegekobahlijbmfok | ChatGPT Picture Generator | 251 |
| acaeafediijmccnjlokgcdiojiljfpbe | ChatGPT Translate | 30,000 |
| kblengdlefjpjkekanpoidgoghdngdgl | AI GPT | 20,000 |
| idhknpoceajhnjokpnbicildeoligdgh | ChatGPT Translation | 1,000 |
| fpmkabpaklbhbhegegapfkenkmpipick | Chat GPT for Gmail | 1,000 |
Operational Tactics
When one of these extensions is removed from the Chrome Web Store, attackers swiftly upload a clone with a new name and ID, a tactic known as extension spraying. Instead of executing AI features locally, these extensions load full-screen iframes from attacker-controlled domains, such as tapnetic[.]pro. This method allows operators to alter functionality remotely without needing to update the extension through the Chrome Web Store.
Capabilities and Risks
Once installed, these extensions can:
– Extract Readable Content: They can access and extract content from active browser tabs, including authenticated pages, potentially exposing sensitive information.
– Capture Voice Input: Utilizing the Web Speech API, they can record voice inputs, compromising user privacy.
– Track Installations and Uninstallations: Through hidden telemetry, they monitor when the extension is installed or removed, providing attackers with insights into user behavior.
A specific subset of 15 extensions focuses on Gmail, injecting scripts directly into mail.google[.]com. These scripts monitor page changes and continuously collect visible email content, including threads, drafts, and replies, which are then transmitted to attacker-controlled servers.
Protective Measures
To safeguard against such threats, users are advised to:
1. Review Installed Extensions: Regularly audit browser extensions, especially those claiming to offer AI functionalities.
2. Verify Developer Credentials: Ensure extensions are developed by reputable sources and have positive user reviews.
3. Limit Permissions: Be cautious of extensions requesting extensive permissions that seem unnecessary for their stated functionality.
4. Stay Updated: Keep abreast of cybersecurity news to be aware of emerging threats and compromised extensions.
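The audit in step 1 and the Gmail-injection and broad-read behaviour described under Operational Tactics and Capabilities and Risks can be checked offline against a Chrome profile. The script below is an added example, not code from the article or from any vendor it cites: it walks the real on-disk layout `<profile>/Extensions/<id>/<version>/manifest.json`, flags IDs from the table above, and flags manifests that can read every site or inject into mail.google.com. The manifest bodies and the benign `aaaa…` ID are constructed placeholders; only the three malicious IDs come from the article.

```python
import json
import tempfile
from pathlib import Path

KNOWN_MALICIOUS_IDS = {  # three IDs from the article's table; extend with the full list
    "nlhpidbjmmffhoogcennoiopekbiglbp", "fppbiomdkfbhgjjdmojlogeceejinadg", "fpmkabpaklbhbhegegapfkenkmpipick"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # patterns that reach every site


def audit_manifest(ext_id, manifest):
    """Return findings for one manifest (MV2 'permissions' or MV3 'host_permissions')."""
    findings = []
    if ext_id in KNOWN_MALICIOUS_IDS:
        findings.append("id is on the published malicious list")
    hosts = list(manifest.get("host_permissions", []))  # MV3 host grants
    hosts += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]  # MV2
    for cs in manifest.get("content_scripts", []):  # pages a content script is injected into
        hosts += cs.get("matches", [])
    if BROAD_HOSTS & set(hosts):
        findings.append("can read every site")
    if any("mail.google.com" in h for h in hosts):
        findings.append("injects into mail.google.com")
    return findings


def audit_profile(ext_root):
    """Audit every <id>/<version>/manifest.json under a Chrome profile's Extensions dir."""
    report = {}
    for path in Path(ext_root).glob("*/*/manifest.json"):
        ext_id = path.parent.parent.name
        findings = audit_manifest(ext_id, json.loads(path.read_text(encoding="utf-8")))
        if findings:
            report[ext_id] = findings
    return report


def build_sample_profile():
    """Write a constructed Extensions/ tree into a temp dir (demo data, not a real profile)."""
    root = Path(tempfile.mkdtemp()) / "Extensions"
    samples = {  # first ID is from the article; both manifest bodies are constructed
        "fpmkabpaklbhbhegegapfkenkmpipick": {"manifest_version": 3, "name": "Chat GPT for Gmail",
            "host_permissions": ["<all_urls>"],
            "content_scripts": [{"matches": ["*://mail.google.com/*"], "js": ["inject.js"]}]},
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"manifest_version": 3, "name": "Placeholder Notes",
            "permissions": ["storage"]},  # benign placeholder ID with narrow permissions
    }
    for ext_id, manifest in samples.items():
        d = root / ext_id / "1.0.0_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root
```

`audit_profile(build_sample_profile())` reports only the constructed Gmail extension; for a real check point it at the profile directory, e.g. `~/.config/google-chrome/Default/Extensions` on Linux or `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` on Windows.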
By remaining vigilant and proactive, users can better protect themselves from malicious extensions that exploit the growing interest in AI tools.