- LayerX found 30 malicious Chrome extensions impersonating GenAI tools
- Extensions exfiltrated page text, metadata, and Gmail content to the attackers' servers
- More than 300,000 downloads; popular plugins include AI Sidebar, AI Assistant, and ChatGPT Translate.
Security researchers have discovered more than 30 malicious Chrome extensions that posed as GenAI plugins but were actually surveillance and content theft tools.
LayerX experts reported dozens of Chrome extensions on the Google Chrome Web Store, all posing as AI tools and assistants.
While on the surface they work as intended, in the background they exfiltrate everything they see in the web browser to a third-party server.
Full-screen iframes
As LayerX explained, the extensions use Mozilla’s Readability library to extract the text, titles, and metadata of any page a user visits, including internal corporate or authenticated private pages.
In other words, they act as spies looking over their victims' shoulders. When a victim views a website or Gmail, the extension “reads” the text on the screen and then sends it to a hidden window within the extension.
In fact, there is a specific subset of 15 extensions that includes code to read and extract email content and even draft messages from the Gmail interface.
The attackers also went to great lengths to avoid being seen or examined. At the same time, they made sure they could send updates to extensions without triggering any alarms. They did this by using full screen iframes to load content remotely, rather than running functions locally.
Since the interface and logic are loaded from a remote server, the attackers can change the behavior of the extension at any time without needing to submit an update through the Chrome Web Store.
BleepingComputer made a list of the most popular malicious plugins, so if you have any of these installed, be sure to remove them and update your passwords:
AI Sidebar (gghdfkafnhfpaooiolhncejnlgglhkhe) – 70,000 users
AI Assistant (nlhpidbjmmffhoogcennoiopekbiglbp) – 60,000 users
ChatGPT Translator (acaeafediijmccnjlokgcdiojiljfpbe) – 30,000 users
AI GPT (kblengdlefjpjkekanpoidgoghdngdgl) – 20,000 users
ChatGPT (llojfncgbabajmdglnkbhmiebiinohek) – 20,000 users
AI Sidebar (djhjckkfgancelbmgcamjimgphaphjdl) – 10,000 users
Google Gemini (fdlagfnfaheppaigholhoojabfaapnhb) – 10,000 users
In total, the 30 extensions were downloaded more than 300,000 times.
Via BleepingComputer
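As an added example (not from the article, LayerX or BleepingComputer), this Python script sweeps local Chrome profiles for the seven extension IDs listed above and reports the permissions each installed copy declares. It assumes Chrome's standard on-disk layout and default "User Data" locations; the function names are hypothetical, and the rest of the 30 extensions are not covered because their IDs are not on this page.

```python
import json
import os
import sys
from pathlib import Path

# The seven IDs listed in the article (the campaign has 30 extensions in total).
LISTED_IDS = {
    "gghdfkafnhfpaooiolhncejnlgglhkhe": "AI Sidebar",
    "nlhpidbjmmffhoogcennoiopekbiglbp": "AI Assistant",
    "acaeafediijmccnjlokgcdiojiljfpbe": "ChatGPT Translator",
    "kblengdlefjpjkekanpoidgoghdngdgl": "AI GPT",
    "llojfncgbabajmdglnkbhmiebiinohek": "ChatGPT",
    "djhjckkfgancelbmgcamjimgphaphjdl": "AI Sidebar",
    "fdlagfnfaheppaigholhoojabfaapnhb": "Google Gemini",
}

def default_user_data_dirs():
    """Assumed default Chrome "User Data" locations on macOS, Linux and Windows."""
    dirs = [Path.home() / "Library/Application Support/Google/Chrome",
            Path.home() / ".config/google-chrome"]
    if os.environ.get("LOCALAPPDATA"):
        dirs.append(Path(os.environ["LOCALAPPDATA"]) / "Google/Chrome/User Data")
    return [d for d in dirs if d.is_dir()]

def granted_access(version_dir):
    """API and host permissions declared in one unpacked version's manifest."""
    try:
        m = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
        declared = m.get("permissions", []) + m.get("host_permissions", [])
    except (OSError, ValueError, AttributeError, TypeError):
        return []  # missing, unreadable or malformed manifest
    return sorted({p for p in declared if isinstance(p, str)})

def find_listed_extensions(user_data_dir):
    """Return one record per listed extension found in any profile directory."""
    hits = []
    # Chrome unpacks extensions to <User Data>/<profile>/Extensions/<id>/<version>/
    for ext_dir in sorted(Path(user_data_dir).glob("*/Extensions/*")):
        ext_id = ext_dir.name.lower()
        if ext_id not in LISTED_IDS or not ext_dir.is_dir():
            continue
        versions = sorted(p for p in ext_dir.iterdir() if p.is_dir())  # usually one
        hits.append({"profile": ext_dir.parent.parent.name, "id": ext_id,
                     "listed_as": LISTED_IDS[ext_id], "versions": [v.name for v in versions],
                     "access": granted_access(versions[-1]) if versions else []})
    return hits

if __name__ == "__main__":
    roots = [Path(a) for a in sys.argv[1:]] or default_user_data_dirs()
    for hit in (h for r in roots for h in find_listed_extensions(r)):
        print(json.dumps(hit))
```

Run it with no arguments to scan the default locations, or pass one or more "User Data" directories collected from other machines; no output means none of the seven listed IDs is present.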




