Find notable cyber news and cases, enriched with sources, timelines, and signals.

AiFrame malicious Chrome extension campaign

Campaign
First reported
Last updated
Happening score
H score 40
3 unique sources, 3 articles

Summary

Hide ▲

The AiFrame campaign uses fake AI assistants in the Chrome Web Store to distribute 30 malicious Chrome extensions that can steal email content, browser content, and sensitive data. Researchers at LayerX said the add-ons impersonate tools such as Gemini AI Sidebar and ChatGPT Translate, while routing prompts through attacker-controlled infrastructure. The campaign has drawn more than 260,000 downloads, and some extensions were still available more than 24 hours after LayerX published its findings.

Related Happenings

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

Commercial adware and traffic-attribution-fraud affiliate operation using Chrome extensions

Threat Actor Meta
H score20 First: 15.06.2026 14:07 Last: 15.06.2026 14:07 Sources 1

About this happening: Researchers found a **commercial adware** and **traffic-attribution-fraud affiliate operation** abusing **Chrome extensions** to fabricate traffic signals and monetize installs, i...

Chrome extension PUP distribution network with fake organic traffic

Malware Activity
H score18 First: 15.06.2026 14:07 Last: 15.06.2026 14:07 Sources 1

About this happening: A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...

AI chatbot cryptojacking campaign targeting high-performance GPU users

Campaign
H score51 First: 27.05.2026 10:45 Last: 27.05.2026 10:45 Sources 1

About this happening: An active **cryptojacking campaign** is using **SEO poisoning** and, in some cases, **AI chatbot recommendations** to steer users toward malicious download pages for trusted utili...

Chrome Web Store malicious extensions coordinated campaign using shared C2

Campaign
H score38 First: 14.04.2026 23:33 Last: 14.04.2026 23:33 Sources 1

About this happening: A coordinated **Chrome Web Store** extension operation is stealing **Google OAuth2 Bearer tokens**, deploying **backdoors**, and running **ad fraud** across more than **100 malici...

Timeline

  1. 12.02.2026 15:41 4 articles · 4mo ago

    AiFrame malicious Chrome extension campaign disclosed

    Initial Disclosure

    LayerX identified AiFrame, a coordinated campaign of 30 malicious Chrome extensions installed by more than 300,000 users that masquerade as AI assistants to steal credentials, email content, and browsing information from Chrome users. The extensions share internal structure, JavaScript logic, permissions, and backend infrastructure under tapnetic[.]pro; a subset of 15 targets Gmail on mail.google.com at document_start, and the operators can also collect voice and transcript data through Web Speech API and remote control.

    Show sources