- LayerX found 30 malicious Chrome extensions posing as GenAI tools
- Extensions exfiltrated page text, metadata, and Gmail content to attacker servers
- Over 300,000 downloads; popular add-ons included AI Sidebar, AI Assistant, and ChatGPT Translate
Security researchers have discovered more than 30 malicious Chrome extensions that posed as GenAI add-ons, but were actually surveillance and content-stealing tools.
The experts from LayerX reported dozens of Chrome extensions of the Google Chrome Web Store, all posing as AI tools and assistants.
While on the surface they work as indented, in the background, they are exfiltrating everything they see in the web browser to a third-party server.
Full-screen frames
As LayerX explained, the extensions use Mozilla’s Readability library to extract the text, titles, and metadata of any page a user visits, including internal corporate or private authenticated pages.
In other words, they act as spies looking over their victims’ shoulders. When they view a website, or Gmail, the extension “reads” the text on the screen and then sends it to a hidden window inside the extension.
In fact, there is a specific subset of 15 extensions that includes code to read and extract email content and even draft messages from the Gmail interface.
The attackers also went to lengths to avoid being seen or scrutinized. At the same time, they made sure they could push updates to the extensions without triggering any alarms. They did this by using full-screen iframes to load content remotely, instead of running features locally.
Since the interface and logic are loaded from a remote server, they can change the extension's behavior at any time without needing to push an update through the Chrome Web Store.
BleepingComputer made a list of the most popular among the malicious add-ons, so if you have any of these installed, make sure to delete them and refresh your passwords:
AI Sidebar (gghdfkafnhfpaooiolhncejnlgglhkhe) – 70,000 users
AI Assistant (nlhpidbjmmffhoogcennoiopekbiglbp) – 60,000 users
ChatGPT Translate (acaeafediijmccnjlokgcdiojiljfpbe) – 30,000 users
AI GPT (kblengdlefjpjkekanpoidgoghdngdgl) – 20,000 users
ChatGPT (llojfncgbabajmdglnkbhmiebiinohek) – 20,000 users
AI Sidebar (djhjckkfgancelbmgcamjimgphaphjdl) – 10,000 users
Google Gemini (fdlagfnfaheppaigholhoojabfaapnhb) – 10,000 users
In total, the 30 extensions were downloaded more than 300,000 times.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
