- LayerX found 30 malicious Chrome extensions masquerading as GenAI tools
- Extensions exfiltrated page text, metadata, and Gmail content to attacker servers
- Over 300,000 downloads; popular add-ons included AI Sidebar, AI Assistant and ChatGPT Translate
Security researchers have discovered more than 30 malicious Chrome extensions that posed as GenAI add-ons but were actually surveillance and content theft tools.
The experts at LayerX reported dozens of Chrome extensions on the Google Chrome Web Store, all posing as AI tools and assistants.
While on the surface they work as intended, in the background they exfiltrate everything they see in the web browser to a third-party server.
Full screen frames
As LayerX explained, the extensions use Mozilla’s Readability library to extract text, titles and metadata from any page a user visits, including internal corporate or private authenticated pages.
In other words, they act as spies, looking over their victims’ shoulders. When a victim views a website or Gmail, the extension “reads” the text on the screen and then sends it to a hidden window inside the extension.
In fact, there is a specific subset of 15 extensions that include code to read and extract email content and even draft messages from the Gmail interface.
The attackers also went to great lengths to avoid being seen or scrutinized. At the same time, they made sure they could push updates to the extensions without triggering alerts. They did this by using fullscreen iframes to load content externally instead of running functions locally.
Since the interface and logic are loaded from an external server, they can change the extension’s behavior at any time without having to push an update through the Chrome Web Store.
Bleeping Computer made a list of the most popular among the malicious add-ons, so if you have any of these installed, be sure to delete them and update your passwords:
AI Sidebar (gghdfkafnhfpaooiolhncejnlgglhkhe) – 70,000 users
AI Assistant (nlhpidbjmmffhoogcennoiopekbiglbp) – 60,000 users
ChatGPT Translate (acaeafediijmccnjlokgcdiojiljfpbe) – 30,000 users
AI GPT (kblengdlefjpjkekanpoidgoghdngdgl) – 20,000 users
ChatGPT (llojfncgbabajmdglnkbhmiebiinohek) – 20,000 users
AI Sidebar (djhjckkfgancelbmgcamjimgphaphjdl) – 10,000 users
Google Gemini (fdlagfnfaheppaigholhoojabfaapnhb) – 10,000 users
In total, the 30 extensions were downloaded more than 300,000 times.
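To check a machine for the add-ons listed above, the following added example (not code from LayerX, Bleeping Computer or TechRadar) scans Chrome's on-disk extension folders for those seven IDs. It assumes Chrome's default user-data locations and its `Extensions/<id>/<version>/manifest.json` layout; the function names are made up for this sketch.

```python
import json
import os
from pathlib import Path

# IDs and names copied from the list above; nothing here is from LayerX's own tooling.
FLAGGED = {
    "gghdfkafnhfpaooiolhncejnlgglhkhe": "AI Sidebar",
    "nlhpidbjmmffhoogcennoiopekbiglbp": "AI Assistant",
    "acaeafediijmccnjlokgcdiojiljfpbe": "ChatGPT Translate",
    "kblengdlefjpjkekanpoidgoghdngdgl": "AI GPT",
    "llojfncgbabajmdglnkbhmiebiinohek": "ChatGPT",
    "djhjckkfgancelbmgcamjimgphaphjdl": "AI Sidebar",
    "fdlagfnfaheppaigholhoojabfaapnhb": "Google Gemini",
}

def chrome_extension_dirs(home=None):
    """Every <profile>/Extensions directory under Chrome's default user-data roots."""
    home = Path(home) if home else Path.home()
    local = Path(os.environ.get("LOCALAPPDATA", home / "AppData/Local"))
    roots = [
        home / ".config/google-chrome",                      # Linux
        home / "Library/Application Support/Google/Chrome",  # macOS
        local / "Google/Chrome/User Data",                   # Windows
    ]
    return sorted(d for r in roots if r.is_dir()
                  for d in r.glob("*/Extensions") if d.is_dir())

def find_flagged(extensions_dir):
    """Return sorted (id, listed_name, version, manifest_name) for flagged IDs on disk."""
    hits = []
    root = Path(extensions_dir)
    if not root.is_dir():
        return hits
    for ext_dir in root.iterdir():
        ext_id = ext_dir.name.lower()
        if ext_id not in FLAGGED or not ext_dir.is_dir():
            continue
        # Chrome unpacks each installed version into its own subdirectory.
        for vdir in (p for p in ext_dir.iterdir() if p.is_dir()):
            try:
                manifest = json.loads((vdir / "manifest.json").read_text(encoding="utf-8-sig"))
                name = str(manifest.get("name", ""))  # may be a "__MSG_...__" locale key
            except (OSError, ValueError, AttributeError):
                name = ""  # unreadable manifest: the ID match alone is still a hit
            hits.append((ext_id, FLAGGED[ext_id], vdir.name, name))
    return sorted(hits)

if __name__ == "__main__":
    for ext_root in chrome_extension_dirs():
        for ext_id, listed, version, name in find_flagged(ext_root):
            print(f"FLAGGED {ext_id} ({listed}) v{version} name={name!r} in {ext_root}")
```

The match is on the extension ID rather than the display name, since the list above contains two different add-ons both called AI Sidebar.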
Via Bleeping Computer