AiFrame malicious Chrome extension campaign
Campaign
Summary
The AiFrame campaign uses fake AI assistants in the Chrome Web Store to distribute 30 malicious Chrome extensions that can steal email content, browser content, and sensitive data. Researchers at LayerX said the add-ons impersonate tools such as Gemini AI Sidebar and ChatGPT Translate, while routing prompts through attacker-controlled infrastructure. The campaign has drawn more than 260,000 downloads, and some extensions were still available more than 24 hours after LayerX published its findings.
Related Happenings
Chrome Web Store malicious extensions coordinated campaign using shared C2
Campaign
First: 14.04.2026 23:33
Last: 14.04.2026 23:33
Sources 1
About this happening:
A coordinated **Chrome Web Store** extension operation is stealing **Google OAuth2 Bearer tokens**, deploying **backdoors**, and running **ad fraud** across more than **100 malici...
108 Malicious Google Chrome extensions sharing a C2 backend
Malware Activity
First: 14.04.2026 11:35
Last: 14.04.2026 11:35
Sources 1
About this happening:
**108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...
Legitimate-looking Chrome extension prompt-poaching campaign
Campaign
First: 25.03.2026 13:00
Last: 25.03.2026 13:00
Sources 1
About this happening:
A recurring **Chrome extension** campaign is stealing **AI conversations** from users, exposing prompts, answers, and other sensitive content to attacker-controlled servers. The a...
LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis
Technical Analysis
First: 17.03.2026 15:59
Last: 17.03.2026 15:59
Sources 1
About this happening:
A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...
ClickFix MacSync social-engineering campaign targeting macOS users
Campaign
First: 16.03.2026 13:41
Last: 16.03.2026 13:41
Sources 1
About this happening:
A **ClickFix** campaign is using **fake Cloudflare CAPTCHA verification challenges**, **embedded video tutorials**, and **automatic OS detection** to trick victims into pasting an...
Timeline
12.02.2026 15:41 4 articles · 3mo ago
AiFrame malicious Chrome extension campaign disclosed
Initial Disclosure
LayerX identified AiFrame, a coordinated campaign of 30 malicious Chrome extensions installed by more than 300,000 users that masquerade as AI assistants to steal credentials, email content, and browsing information from Chrome users. The extensions share internal structure, JavaScript logic, permissions, and backend infrastructure under tapnetic[.]pro; a subset of 15 targets Gmail on mail.google.com at document_start, and the operators can also collect voice and transcript data through the Web Speech API and remote control.
Sources:
- Fake AI Chrome extensions with 300K users steal credentials, emails — www.bleepingcomputer.com — 12.02.2026 15:41
- Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails — www.infosecurity-magazine.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00